Starfieldtech #97

Open
yoshimo opened this issue Jan 18, 2025 · 1 comment
Labels
help wanted Extra attention is needed

Comments

@yoshimo

yoshimo commented Jan 18, 2025

ocsp.starfieldtech.com
Starfield Technologies offers TLS certificates. You shouldn't block the revocation checks.

@mtxadmin
Owner

Their root is really strange (view-source:https://www.starfieldtech.com/). And it is in the Blocklist list.

Thinking about whitelisting all ocsp.*

  • ocsp.trust-provider.com - root is 404 and in EasyPrivacy list. They have crl.trust-provider.com as well
  • ocsp.advance.net - root is in Dan Pollock's hosts file. Redirects to advance.com
  • ocsp.certificateservices.eads.com - root is 504 and in several lists
  • ocsp.ezoic.net - root domain is clearly ad-driven
  • ocsp.geotrust.com - root is about certificates, but is in EasyPrivacy
  • ocsp.ca.hsdn.org - root is in many lists
  • ocsp.atlassian-app.atlassian-app.eu.tt.omtrdc.net - root domain is clearly ad-driven

Also, ad providers in the future could exploit this whitelisting of ocsp.* subdomains. Maybe. Because why not.

So, I am in doubt about such whitelisting.

mtxadmin added the help wanted label Jan 18, 2025
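The trade-off discussed in this thread, a blanket `ocsp.*` exception versus exceptions for individual responder hostnames, can be measured against a list before deciding. The following is an added example, not code from this repository: the hosts-style blocklist format, the sample entries (hostnames taken from the thread) and the `REVIEWED_RESPONDERS` set are constructed assumptions.

```python
# Constructed sample blocklist; the hosts-style format is an assumption.
SAMPLE_BLOCKLIST = """\
# hostnames below are the ones mentioned in the thread
0.0.0.0 ocsp.starfieldtech.com
0.0.0.0 ocsp.geotrust.com
0.0.0.0 ocsp.ezoic.net
0.0.0.0 ocsp.atlassian-app.atlassian-app.eu.tt.omtrdc.net
0.0.0.0 ads.example.net
"""

# Hypothetical reviewed exceptions: responder names a maintainer has confirmed,
# for example against the OCSP URL in a certificate's Authority Information Access.
REVIEWED_RESPONDERS = {"ocsp.starfieldtech.com"}


def parse_blocklist(text):
    """Return the blocked hostnames, lower-cased, in file order."""
    hosts = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            # Accept "0.0.0.0 host" as well as a bare "host" line.
            hosts.append(line.split()[-1].lower().rstrip("."))
    return hosts


def wildcard_ocsp(host):
    """The `ocsp.*` rule: any name whose leftmost label is `ocsp`."""
    labels = host.split(".")
    return len(labels) > 1 and labels[0] == "ocsp"


def exact_reviewed(host):
    """Exact-match rule: only names on the reviewed list."""
    return host in REVIEWED_RESPONDERS


def unblocked_by(rule, blocklist_text=SAMPLE_BLOCKLIST):
    """Blocked hostnames that the given exception rule would let through."""
    return [h for h in parse_blocklist(blocklist_text) if rule(h)]


def unreviewed_passthrough(blocklist_text=SAMPLE_BLOCKLIST):
    """Names the wildcard unblocks that are not on the reviewed list."""
    return [h for h in unblocked_by(wildcard_ocsp, blocklist_text)
            if not exact_reviewed(h)]


if __name__ == "__main__":
    print("wildcard  :", unblocked_by(wildcard_ocsp))
    print("exact     :", unblocked_by(exact_reviewed))
    print("unreviewed:", unreviewed_passthrough())
```

Running `unreviewed_passthrough()` over the real list gives the set of hostnames that would need individual review before a wildcard exception is adopted.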