I was wondering if there’s any code open source for how Let’s Encrypt checks the Office of Foreign Asset Control (OFAC) / Specially Designated Nationals lists? I looked through boulder, but was unable to find anything.
Thanks!
I have no official information.
Having said that, their commentary on these forums previously strongly suggests that they deal with OFAC SDN matters on a case by case basis once an accusation that they’ve transacted with a listed party has been brought to their attention. Presumably they then investigate and if they concur, they revoke the certificates issued and, I assume, add the tainted domain name to their blacklist.
Is there anyone at LE who can comment on this? I’d like to better understand the practice as well.
Your description of what happens is correct, @mdhardeman.