[Servercert-wg] High Risk Certificate Requests

Ryan Sleevi sleevi at google.com
Thu May 28 08:36:32 MST 2020


We'd support removing both of the concrete examples (e.g. Miller Smiles and
GSB), as this is fundamentally a matter of CA policy and interpretation.

On Thu, May 28, 2020 at 9:42 AM Neil Dunbar via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> All,
>
> Looking in the BRs, I noticed that HRCR is defined:
>
> > High Risk Certificate Request: A Request that the CA flags for
> > additional scrutiny by reference to internal criteria and databases
> > maintained by the CA, which may include names at higher risk for
> > phishing or other fraudulent usage, names contained in previously
> > rejected certificate requests or revoked Certificates, names listed on
> > the Miller Smiles phishing list or the Google Safe Browsing list, or
> > names that the CA identifies using its own risk-mitigation criteria
>
> I realise that Google Safe Browsing is just being used as an
> illustration, but given that GSB (for commercial purposes) has been
> replaced by Google in favour of the Web Risk API, is it worth cleaning
> up this text, given that most CAs would be commercial entities, thus
> prohibited from using the GSB API?
>
> Just a thought,
>
> Neil