On Wed, Apr 26, 2017 at 4:02 PM, okaphone.elektronika--- via
dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> I think this is getting weird.
> At first (some other thread) it get's explained that e.g. LetsEncrypt does
> not do anything beyond domain validation and possibly on notification take
> down a few certificates of phishing site. And that was "... all OK because
> we want SSL to be used everywhere, and anyway domain validation means just
> that, nothing more..."
> And now you guys are suddenly seeing problems in wild card certificates
> "... because it could be use for phishing..." Ehm, what?

Could you point to examples? I think the tone of this thread has almost
universally been consistent with the people who have said phishing isn't
for the CAs :)

> I like it this way. Thats why I'm paying Comodo for their services. If you
> are going to make this kind of thing impossible then you are:

Who do you believe "you guys" are?

> 1) Frustrating me.
> 2) Causing Comodo to lose business, for I will have to use LetsEncrypt
> instead.
> 3) Putting all my eggs in one basket (there is currently no alternative
> for LetsEncrypt).
> 4) Not solving the problem at all, it's easy to get a certificate for a
> phishing domain from LetsEncrypt.
> 5) Trying to do something that certificates are not meant for. I don't
> think it is (or should be) the responsibility of CA's to verify that sites
> are not used for phishing.

I think almost everyone on this thread has expressed general agreement :)

I think you may be confusing the phishing discussion (which was only
brought up once or twice) with the general _capability_/_security_
discussion, for which a wildcard certificate has unlimited capability (over
a subdomain), and thus much greater risk, and the desire to balance that

The risk is not phishing. The risk is incidental effects of compromise.
It's no different than a discussion of compromise of a technically
constrained sub-CA (which is an 'ultra-wildcard') or of an unconstrained
sub-CA/CA itself (which is a 'global-wildcard'). Each level has different
risks, and we want to make sure they're all treated accordingly. Phishing
has not been preeminent among that discussion of risks, and so if that's
your takeaway, I would say the message on this thread has been fairly
consistent in agreeing with you that certs don't solve phishing.
dev-security-policy mailing list

Reply via email to