A high risk domain is one for which there is a high risk of confusion which might lead to abuse, particularly in terms of malware or phishing campaigns. It’s typical for CAs to not allow issuance to such domains.
Our list was created by identifying top phishing targets and blacklisting their domains with a combination of TLDs. In this case that initiated this thread, “ing.com” was blacklisted but so was “ing.rs” and a number of other TLDs (e.g. “ing.net”, “ing.co.uk”, etc…).
Obviously our list isn’t comprehensive in terms of all the possibilities for abuse. No CA’s is, one has to draw the line somewhere. Our list includes about 200 domains/entities.
We regularly review the high risk domains blocklist and discuss the policy around it, especially in light of our stance on CA anti-phishing and anti-malware enforcement.