Complaint: Does not take down rogue SSL Certificate Requests

on 16 December 2021 about GoDaddy in category Hosting

New complaint
Complaint pending
Complaint resolved
Complaint closed

My complaint:

GoDaddy, as a root CA, offer a service of issuing SSL certificates on any domain. Although the procedure of issuing a new certificate includes validation with the domain owner, a malicious user is capable of spamming the owners with validation emails, hoping for the owner to accidentally approve the certificate. Attempts to contact GoDaddy’s abuse team or general support have no effect, and the validation emails keep coming in.

More information provided on Security.StackExchange article: https://security.stackexchange.com/questions/258014/reporting-a-root-ca-non-compliance

0 0 votes
Justified complaint?

Suggested solution:

Resolution depends on how exactly the users can generate the certificate requests. If they can do it anonymously, this is a security concern, and such possibility must be closed. If they have to be authenticated users, then GoDaddy must have a working channel to receive complaints from the domain owners, identify the culprits and prevent them from requesting certificates for random domains.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments