[cabfpub] [cabfman] Deceptive SSL cert issued for fake Chase domain

Ben Wilson ben at digicert.com
Wed Sep 11 15:40:20 UTC 2013


This is similar to what we'll be discussing during today's code signing
baseline requirements call -- how to screen applicants for fraud / malware.

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Brian Trzupek
Sent: Wednesday, September 11, 2013 6:48 AM
To: Gervase Markham
Cc: CABFPub
Subject: Re: [cabfpub] [cabfman] Deceptive SSL cert issued for fake Chase
domain

Just to add. From a CA perspective, we have a "blacklist" that contains
keywords of various forms, domains of various forms, and other attributes
that we run the Certs through before issuance.

The challenge I have always seen is that when a domain triggers this trap,
it is flagged for manual review.

During manual review there are a few items we perform (high-risk checks,
known bad offenders, etc.) - but if all that passes then we go look at the
site and it comes down to a human decision based on the content of that
domain at that point in time. That doesn't seem too steady, but it's the best
we have for now.

How do others deal with this?



On Sep 11, 2013, at 7:40 AM, Gervase Markham <gerv at mozilla.org> wrote:

> On 11/09/13 12:25, Ryan Sleevi wrote:
>> Given the number of new gTLDS being approved, many of which are 
>> common English words, I don't feel that this 'common sense' approach 
>> actually provides benefits.
>
> That is true. Perhaps it would be better for a CA to check for any of 
> its "high value domain list" as a substring of the requested string.
>
> I agree that CAs should not be held solely responsible here, but this 
> seems like a fairly simple addition (given that they are already 
> checking for equality with the high value list!) that would have 
> reasonably few false positives.
>
> Gerv
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
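
The two checks discussed in this thread, equality against a high-value list and the proposed substring match that routes hits to manual review, sketched side by side as an added example (not code from any participant or CA). The list entries, function names and sample requests are constructed assumptions.

```python
# Constructed sample list; no CA's real high-value list appears in the thread.
HIGH_VALUE = ("chase", "paypal")


def labels(requested):
    """Lower-cased DNS labels of a requested name, without wildcard or trailing dot."""
    name = requested.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return [part for part in name.split(".") if part]


def screen(requested, high_value=HIGH_VALUE):
    """Substring check: return (decision, hits); any hit goes to manual review."""
    hits = []
    for label in labels(requested):
        for entry in high_value:
            if label == entry:
                hits.append((label, entry, "exact"))
            elif entry in label:
                hits.append((label, entry, "substring"))
    return ("manual_review" if hits else "auto_proceed"), hits


def equality_only(requested, high_value=HIGH_VALUE):
    """Narrower check: flag only when a whole label equals a list entry."""
    _, hits = screen(requested, high_value)
    exact = [h for h in hits if h[2] == "exact"]
    return ("manual_review" if exact else "auto_proceed"), exact


# Constructed requests under reserved TLDs (.example, .test).
SAMPLES = ["chase.example", "secure-chase-login.example", "purchase.example",
           "*.shop.example.", "PayPal.test"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:28} equality={equality_only(name)[0]:14} "
              f"substring={screen(name)[0]}")
```

The `purchase.example` sample shows the kind of false positive the substring rule sends to a human reviewer, while `secure-chase-login.example` is the case the equality check lets through.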
