[TLS] HTTPS Phishing sites
Sankalp Bagaria <sankalp.nitt@gmail.com> Fri, 26 May 2017 05:16 UTC
Return-Path: <sankalp.nitt@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A2011241FC for <tls@ietfa.amsl.com>; Thu, 25 May 2017 22:16:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.799
X-Spam-Level:
X-Spam-Status: No, score=-0.799 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s_xay3pqANBj for <tls@ietfa.amsl.com>; Thu, 25 May 2017 22:16:06 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA7A3126CBF for <tls@ietf.org>; Thu, 25 May 2017 22:16:06 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id b204so695380oii.1 for <tls@ietf.org>; Thu, 25 May 2017 22:16:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=3a22t06/qUkM4rrXbI74rmIjmEG5cnLy/6trVJUMfUc=; b=qFNXxOaZifBGW7q77wE0VhCV/t/7oKrgGVoZW8Dfg3LCasoFhB/wTy/dwkx8Gbst9d KmmUq46fOgVwt8E+00rim98pgLO3UayYnSDIEeEUld38ynUQ9CpYreeEPpz9p7UzCf8n WOENXQ9WFdRzkS8YHL1OYBNKoe8SzjwuA4OVDaxIpukleZVNxrK6m9FZ6xaC/csmIx6s 6arvCQoey2mKb/JomHDUJUwQ8jEaB2mnW211QZrKaXJ8mVCGYqgajSnBw8WY+EMD/DsZ Z9h4fpHMItInIpQnxGta3yzz53nRs0TFev7cLYf6ny9pjr6duNCKO3pWUBDXFOa3SkOH r+CQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=3a22t06/qUkM4rrXbI74rmIjmEG5cnLy/6trVJUMfUc=; b=GiK0BttF3ofp0gOGFZhdq8Jt+wLqfRX88LXY8TXKi8Ji4oGLLlskz3OYORykNMaY5N OsJt+SQWpzYJ/QS8erbbJKLCGGtEN4krM7E01wlm52fWyyRdIad51yGk7WuqvmUh1/bQ 4LEAXPSU8j7Ps4Aug0a2DRR8RAudnhMmqMy+BB6dPOyLavysRzN4l7zcEDl0EhLh8BEE LfCG6MEX0/fLoeK5x52IItCi0ARgeSZufF0C5EfNPJffEbeJjOxWBxoGAyHt7E5zcJRb 8RLqDpatxjFeZdngWIEN/T1uuB6BdfacARervniGbvxEbjIb9wNjlhPprRQWv+0i/3yW /4CA==
X-Gm-Message-State: AODbwcC6Ppm4V0CzslHWrv+gFOQHXi/zU05yu0ubqvAjKHSa5o0avb5l pDHsJvXvivd/QGWNdoGABmaD2VO5dw==
X-Received: by 10.157.16.55 with SMTP id h52mr55027ote.218.1495775766161; Thu, 25 May 2017 22:16:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.56.24 with HTTP; Thu, 25 May 2017 22:16:05 -0700 (PDT)
From: Sankalp Bagaria <sankalp.nitt@gmail.com>
Date: Fri, 26 May 2017 10:46:05 +0530
Message-ID: <CAPZZOTgfu9K3umjuCb=4DeRWOEKGvOJ4xBAeefudpdE=NJo9sQ@mail.gmail.com>
To: tls@ietf.org
Cc: sankalp <sankalp@cdac.in>, Balaji Rajendran <balajirajendran@gmail.com>
Content-Type: multipart/alternative; boundary="001a113d034234b1cc0550666ff8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Ai5a2Q9kXi5zLteXoYR0v4pEk5A>
Subject: [TLS] HTTPS Phishing sites
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 May 2017 05:16:08 -0000
Hello, http://securityaffairs.co/wordpress/59238/cyber-crime/ https-phishing-sites.html claims that phishing websites using HTTPS are increasing in number. If malicious sites can get certificates, it defeats the purpose of TLS. In my opinion, tougher measures are required to prevent malicious sites getting legitimate certificates. What can we do about it ? Regards, Sankalp.
- [TLS] HTTPS Phishing sites Sankalp Bagaria
- Re: [TLS] HTTPS Phishing sites David Woodhouse
- Re: [TLS] HTTPS Phishing sites Eric Rescorla
- Re: [TLS] HTTPS Phishing sites Yngve N. Pettersen
- Re: [TLS] HTTPS Phishing sites Ilari Liusvaara