Symantec/GeoTrust revokes some SSL certificates for .pw TLD
‘Spammy’ locale gets its wings clipped
Symantec-owned certificate authority GeoTrust has revoked some SSL certificates for a small number of (unspecified) .pw domains.
Digital certificates for addresses using the top-level domain are still available from other providers. Symantec said it will continue to offer organisations extended validation certificates for the .pw TLD even though the sale of regular digital certificate for the top-level domain has been put on hold.
Computer security researcher Colin Keigher came across the issue after his data-leak-detector website canary.pw was incorrectly flagged as potentially containing malware in a site-scan by Symantec.
After starting off life as the the country code top-level domain for the Pacific island nation of Palau, .pw was rebranded as the as “Professional Web”. Sites under the TLD went on general sale two years ago, something accompanied by strong early demand, according to reseller Directi.
Weeks later Symantec branded sites under .pw TLD as a significant source of junk mail.
Keigher was told by his reseller that Symantec/GeoTrust would no longer be issuing SSL certs to .pw domains before receiving a refund. “There is no malware on Canary[.pw] to say the least,” Keigher said in a blog post – which was debated on Hacker News.
James Hanlon, security strategist, office of the CTO, EMEA at Symantec denied that it acted without warning in disavowing a small number of .pw SSL certificates it had issued.
“After attempting to notify impacted customers/partners, Symantec has revoked a small number of domain validated SSL/TLS certificates under the .pw Top Level Domain (TLD) based on intelligence that some were being used on sites exhibiting malicious behaviour,” Hanlon explained.
“Symantec will continue to offer organisation and extended validation certificates to the .pw TLD and has engaged with the registry that controls .pw to identify ways to improve overall online safety," he added. ®