ublock icon indicating copy to clipboard operation
ublock copied to clipboard
verified publisher icon mtxadmin

Starfieldtech

Open yoshimo opened this issue 1 year ago • 1 comments

ocsp.starfieldtech.com Starfield Technologies offers TLS certificates. You shouldn't block the revocation checks.

yoshimo avatar Jan 18 '25 14:01 yoshimo

Their root is really strange. ( view-source:https://www.starfieldtech.com/ ). And it is in the Blocklist list

Thinking about whitelisting all ocsp.*

  • ocsp.trust-provider.com - root is 404 and in EasyPrivacy list. They have crl.trust-provider.com as well
  • ocsp.advance.net - root is in Dan Pollock's hosts file. Redirects to advance.com
  • ocsp.certificateservices.eads.com - root is 504 and in several lists
  • ocsp.ezoic.net - root domain is clearly ad-driven
  • ocsp.geotrust.com - root is about certificates, but is in EasyPrivacy
  • ocsp.ca.hsdn.org - root is in many lists
  • ocsp.atlassian-app.atlassian-app.eu.tt.omtrdc.net - root domain is clearly ad-driven

Also, ad providers in future could exploit this whitelisting of ocsp.* subdomains. Maybe. Because why not.

So, I am in doubt about such whitelisting.

mtxadmin avatar Jan 18 '25 22:01 mtxadmin