OFAC/SDN check codebase?


I was wondering if there’s any code open source for how Let’s Encrypt checks the Office of Foreign Asset Control (OFAC) / Specially Designated Nationals lists? I looked through boulder, but was unable to find anything.



I have no official information.

Having said that, their commentary on these forums previously strongly suggests that they deal with OFAC SDN matters on a case by case basis once an accusation that they’ve transacted with a listed party has been brought to their attention. Presumably they then investigate and if they concur, they revoke the certificates issued and, I assume, add the tainted domain name to their blacklist.

Is there anyone at LE who can comment on this? I’d like to better understand the practice as well.


Your description of what happens is correct, @mdhardeman.

closed #4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.