Florian Weimer:
> * Eddy Nigg:
>
>> The CAs should prevent issuance of certificates which are suspected to
>> be used for phishing attempts and other fraud. This includes cases like
>> real domain names (mic0s0ft.com, paypa1.com) and sub domain names
>> (paypal.nelson.com).
>>
>
> Is there any CA which is part of the browser PKI which actually does
> this?
>

Yes! I can point you to this [1] article which mentions:
"Geotrust has a rigorous process in place to check for phishy certificate requests that relies on algorithms which check cert requests for certain words, misspellings or phrases that may indicate a phisher is involved." Incidentally as you can read in the article, the system failed and a certificate was issued wrongfully. Also StartCom has a similar system deployed which performs various checks - including check with third party sources, before the issuance of any certificate and post checks are performed as well. I guess these are not the only examples. I happened to read enough CPSs of CAs which mention this explicitly for reasons of non-issuance and/or revocation of certificates. [1] http://blog.washingtonpost.com/securityfix/2006/02/the_new_face_of_phishing_1.html -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto