[cabfpub] [cabfman] Deceptive SSL cert issued for fake Chase domain
Gervase Markham
gerv at mozilla.org
Wed Sep 11 12:39:51 UTC 2013
On 11/09/13 12:25, Ryan Sleevi wrote:
> Given the number of new gTLDS being approved, many of which are common
> English words, I don't feel that this 'common sense' approach actually
> provides benefits.
That is true. Perhaps it would be better for a CA to check for any of
its "high value domain list" as a substring of the requested string.
I agree that CAs should not be held solely responsible here, but this
seems like a fairly simple addition (given that they are already
checking for equality with the high value list!) that would have
reasonably few false positives.
Gerv
More information about the Public
mailing list