Concerns with Let's Encrypt repeated issuing for known fraudulent sites

2020-08-12 Thread nathali...--- via dev-security-policy
In the last few days Let's Encrypt continued to issue certificates to a fraudulent website. The certificates of concern can be seen here: https://crt.sh/?Identity=entry.credit-suisse.services The problem report was answered by Let's Encrypt with an answer indicating that they will continue to

Re: Proposal for a standard proof of compromised key/revocation request format

2020-08-12 Thread Matt Palmer via dev-security-policy
On Wed, Aug 12, 2020 at 06:25:00PM -0700, cbon...--- via dev-security-policy wrote: > > I'm yet to have a CA baulk at accepting a CSR as proof of compromise. It > > has the benefit of not having nearly as many superfluous fields as a > > certificate, as well. In terms of being able to deal with
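The CA-side check implied by the post above, as an added example that is not part of the thread and not any CA's actual code: a reporter who claims a certificate's private key is compromised submits a CSR signed with that key, and the CA verifies (1) that the CSR's self-signature is valid, proving possession of the key, and (2) that the CSR's public key is byte-identical to the certificate's SubjectPublicKeyInfo. The certificate, keys and CSRs below are constructed throwaway fixtures generated with the openssl CLI (assumed installed); the function names are this example's own.

```shell
#!/bin/sh
# Added example: validate a CSR offered as proof of private-key compromise.
# Assumes the openssl command-line tool is installed. All key material here is
# a constructed fixture, generated on the fly; nothing refers to a real CA.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed fixture: a throwaway key pair and self-signed certificate standing
# in for the certificate whose key is alleged to be compromised.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=victim.example.test" \
    -keyout "$WORK/leaked.key" -out "$WORK/victim.pem" >/dev/null 2>&1

# The reporter's proof: a CSR signed with the leaked key. The subject name is
# irrelevant to the check; only the signature and the embedded public key count.
openssl req -new -key "$WORK/leaked.key" \
    -subj "/CN=key-compromise-proof" -out "$WORK/proof.csr" >/dev/null 2>&1

# Negative control: a CSR signed with an unrelated key, i.e. a bogus report that
# merely names the same subject.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/other.key" >/dev/null 2>&1
openssl req -new -key "$WORK/other.key" \
    -subj "/CN=key-compromise-proof" -out "$WORK/bogus.csr" >/dev/null 2>&1

# SHA-256 over the DER-encoded SubjectPublicKeyInfo.
# $1: "x509" for a certificate or "req" for a CSR; $2: PEM file.
spki_fingerprint() {
    openssl "$1" -in "$2" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Returns 0 if the CSR in $2 proves compromise of the key certified by $1.
check_compromise_proof() {
    cert=$1
    csr=$2
    # Check 1: the CSR's self-signature must verify (possession of the key).
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || return 1
    # Check 2: the key in the CSR must be the key in the certificate. Compare
    # SPKI fingerprints, never subject names, which anyone can put in a CSR.
    [ "$(spki_fingerprint x509 "$cert")" = "$(spki_fingerprint req "$csr")" ]
}

if check_compromise_proof "$WORK/victim.pem" "$WORK/proof.csr"; then
    echo "proof.csr: accepted, the key in victim.pem is demonstrably compromised"
fi
if ! check_compromise_proof "$WORK/victim.pem" "$WORK/bogus.csr"; then
    echo "bogus.csr: rejected, signed by a different key"
fi
```

The point of comparing SPKI fingerprints rather than subject names is that a CSR carrying the victim's CN but signed by some other key proves nothing about the victim's key; a CA that revoked on that basis would let anyone revoke anyone's certificate. Conversely, a valid self-signature plus a matching SPKI is sufficient on its own, so the CSR's subject, extensions and any extra fields can be ignored.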

Re: Concerns with Let's Encrypt repeated issuing for known fraudulent sites

2020-08-12 Thread Paul Walsh via dev-security-policy
[snip] >> So the question now is what the community intends to do to retain trust >> in a certificate issuer with such an obvious malpractice enabling >> phishing sites? > > TLS is the wrong layer to address phishing at, and this issue has already > been discussed extensively on this list.

Re: Concerns with Let's Encrypt repeated issuing for known fraudulent sites

2020-08-12 Thread Jonathan Rudenberg via dev-security-policy
On Tue, Aug 11, 2020, at 15:20, nathali...--- via dev-security-policy wrote: > The problem report was answered by Let's Encrypt with an answer > indicating that they will continue to issue and hence are not following > BRG 4.2.1. requiring them to have procedures in place for such High > Risk