Mozilla has published a list of problem reporting mechanisms (mostly email addresses) for all root CAs in our program. It is the first link under 'Information for the Public' at https://wiki.mozilla.org/CA#Information_for_the_Public
Wayne

On Mon, Feb 19, 2018 at 4:05 PM, Kirk Hall via Public <[email protected]> wrote:

> John and Peter – this issue has actually come up recently – I think you have a very good idea.
>
> We’ll add to our agenda for the next Forum Teleconference call. Thanks.
>
> Kirk
>
> *From:* John LaCour [mailto:[email protected]]
> *Sent:* Monday, February 19, 2018 2:45 PM
> *To:* [email protected]
> *Cc:* [email protected]
> *Subject:* Directory of abuse reporting contacts for CAs?
>
> Dear CA Representative:
>
> The CA/Browser Forum’s Baseline Requirements Section 4.9.3 says in part:
>
> “The CA SHALL provide Subscribers, Relying Parties, Application Software Suppliers, and other third parties with clear instructions for reporting suspected Private Key Compromise, Certificate misuse, or other types of fraud, compromise, misuse, inappropriate conduct, or any other matter related to Certificates. The CA SHALL publicly disclose the instructions through a readily accessible online means.”
>
> However, we sometimes find it difficult to find instructions on how and where to submit reports to issuing CAs to request certification revocation due to malicious use.
>
> Would it be possible for the Forum and/or the browser community to create a list of reporting email addresses for each CA in the browser root programs, and post the list to an obvious page on the Forum’s website, and maybe also on the CCADB website (Resources tab)?
>
> If for whatever reason, the Forum decides not to make a consolidated listing available as a public resource, we would be grateful if the CAs would provide this information directly so that we may provide a consolidated list to the anti-phishing community via the Anti-Phishing Working Group (APWG).
>
> Also, we would like to make you aware of an APWG program, AmDoS (1), which facilitates the suspension of malicious domain names. The program introduces a vetting program for reporters to submit takedown requests to participating domain registries. This may potentially be a useful model to facilitate revocation requests between the anti-phishing community and CAs. Better, it is built and working and ready to update for the Forum’s needs.
>
> We thank you in advance for your help in this effort. We look forward to collaborating with the Forum soon.
>
> Sincerely,
>
> John LaCour
> CTO, PhishLabs
> [email protected]
>
> Peter Cassidy
> Secretary General, APWG
> [email protected]
>
> (1) https://www.antiphishing.org/apwg-news-center/amdos/
>
> --
> John LaCour
> Founder and Chief Technology Officer
> M: +1.415.425.5646
> [email protected]
>
> _______________________________________________
> Public mailing list
> [email protected]
> https://cabforum.org/mailman/listinfo/public
