[Cryptography] Commercial PKI as dog poop

Sean Burford sburford at google.com
Thu May 13 03:06:45 EDT 2021 

Hi,

On Tue, May 11, 2021 at 6:24 AM Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> Hat tip to an anonymous contributor: Go to https://www.dogpoopsigns.com
> and
> look at the certificate.  It's actually issued for
> https://www.smartsign.com,
> but is also valid for www.smartsign.com, smartsign.com, myengravedsign.com
> ,
> roadtrafficsigns.com, www.mydoorsign.com, www.campgroundsigns.com,
> myassettag.com, www.xpresstags.com, www.recyclereminders.com,
> shippinglabels.com, lockouttag.com, www.xpressstamp.com, xpressnow.com,
> www.labellab.com, www.myparkingpermit.com, www.qclabels.com,
> mysafetylabels.com, labellab.com, myhardhatstickers.com,
> www.mysafetysign.com,
> www.warehousetags.com, www.roadtrafficsigns.com, www.myengravedsign.com,
> www.myparkingsign.com, warehousetags.com, playgroundsigns.com,
> www.jobsafetyscoreboards.com, www.mynameplates.com, dogpoopsigns.com,
> www.xpresstabs.com, simplyexitsigns.com, www.petrescuestickers.com,
> www.xpressnow.com, mysafetysign.com, www.mynamebadges.com,
> wiremarkerbooks.com, xpresscenter.com, flipplacards.com,
> www.xpressmats.com,
> www.myhardhatstickers.com, www.mypoolsigns.com, xpressstamp.com,
> qclabels.com,
> jobsafetyscoreboards.com, www.myassettag.com, recyclereminders.com,
> www.lockouttag.com, mynameplates.com, www.flipplacards.com,
> www.mysecuritysign.com, www.shippinglabels.com, www.xpresscenter.com,
> xpresstags.com, www.mysafetylabels.com, mypoolsigns.com, mynamebadges.com,
> www.photo-badge.com, campgroundsigns.com, photo-badge.com,
> www.wiremarkerbooks.com, www.playgroundsigns.com, mydoorsign.com,
> myparkingpermit.com, myparkingsign.com, petrescuestickers.com,
> mysecuritysign.com, www.simplyexitsigns.com, www.tamperevidentlabels.com,
> www.dogpoopsigns.com, xpresstabs.com, tamperevidentlabels.com, and
> xpressmats.com.
>
> OK, it's CDN certificate, for which a random jumble of unrelated DNs like
> this
> is the norm.  The unintended dogpoop comedy is a good indication of the
> state
> of commercial PKI in this area.
>

Unrelated?  Those domains all seem to be sign/sticker/label printing
business(es). Perhaps they are all the same business?  They all use similar
web site templates, and all share "Visitor No. 250 005 xxx" down the bottom.

I think these are all the same business.  It's still funny though.

Sean
‏
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210513/9fbb56f9/attachment.htm>

More information about the cryptography mailing list