In the last days Let's Encrypt continued to issue certificates to a fraudulent
website. The certificates of concern can be seen here:
https://crt.sh/?Identity=entry.credit-suisse.services
The problem report was answered by Let's Encrpyt with an answer indicating that
they will continue to
On Wed, Aug 12, 2020 at 06:25:00PM -0700, cbon...--- via dev-security-policy
wrote:
> > I'm yet to have a CA baulk at accepting a CSR as proof of compromise. It
> > has the benefit of not having nearly as many superfluous fields as a
> > certificate, as well. In terms of being able to deal with
[snip]
>> So the question now is what the community intends to do to retain trust
>> in a certificate issuer with such an obvious malpractise enabling
>> phishing sites?
>
> TLS is the wrong layer to address phishing at, and this issue has already
> been discussed extensively on this list.
On Tue, Aug 11, 2020, at 15:20, nathali...--- via dev-security-policy wrote:
> The problem report was answered by Let's Encrpyt with an answer
> indicating that they will continue to issue and hence are not following
> BRG 4.2.1. requiring them to have procedures in place for such High
> Risk
4 matches
Mail list logo