Rather than what you suggest, I think the following could be high risk: свiтова-пошта.info. xn--i--7kcbgb7fdinng1f.info.
гooms17139.link. xn--ooms17139-uzh.link. мцяsц.lol. xn--s-wtb4ab7b.lol. сaентология.net. xn--a-ftbfnnlhbvn2m.net. aμ.net. xn--a-mmb.net. μc.net. xn--c-lmb.net. ωe.net. xn--e-cnb.net. аgentur.net. xn--gentur-2nf.net. ωomega.net. xn--omega-gee.net. phantфm.net. xn--phantm-7rf.net. रोले盧स.net. xn--t2bes3ds6749n.net. On Wed, Feb 22, 2017 at 7:55 PM, Richard Wang <rich...@wosign.com> wrote: > I don't agree this. > If "apple", "google", "Microsoft" is not a high risk domain, then I don’t > know which domain is high risk domain, maybe only "github". > > Best Regards, > > Richard > > -----Original Message----- > From: Peter Bowen [mailto:pzbo...@gmail.com] > Sent: Thursday, February 23, 2017 11:53 AM > To: Richard Wang <rich...@wosign.com> > Cc: r...@sleevi.com; mozilla-dev-security-pol...@lists.mozilla.org; Tony > Zhaocheng Tan <t...@tonytan.io>; Gervase Markham <g...@mozilla.org> > Subject: Re: Let's Encrypt appears to issue a certificate for a domain that > doesn't exist > > On Wed, Feb 22, 2017 at 7:35 PM, Richard Wang via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: >> As I understand, the BR 4.2.1 required this: >> >> “The CA SHALL develop, maintain, and implement documented procedures that >> identify and require additional verification activity for High Risk >> Certificate Requests prior to the Certificate’s approval, as reasonably >> necessary to ensure that such requests are properly verified under these >> Requirements.” >> >> Please clarify this request, thanks. > > Richard, > > That sentence does not say that domain names including "apple", "google", or > any other string are High Risk Certificate Requests > (HRCR). I could define HRCR as being those that contain domain names > that contain mixed script characters as defined in UTS #39 section 5.1. > "apple-id-2.com" is not mixed script so it is not a HRCR based on this > definition. > > Thanks, > Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
