diff --git a/webserver/CSR.py b/webserver/CSR.py
index 27eaa704a..2130f4dd1 100644
--- a/webserver/CSR.py
+++ b/webserver/CSR.py
@@ -22,6 +22,16 @@ def san(csr):
 """Get the subject alternate names from this CSR."""
 return []
+def can_sign(name):
+ """Does this CA's policy forbid signing this name via Chocolate DV?"""
+ # We could have a regular expression match here, like
+ # ([a-z0-9]+\.)+[a-z0-9]+
+ # and there is also a list of TLDs to check against to confirm that
+ # the name is actually a FQDN.
+ if "." not in name: return False
+ # Examples of names that are forbidden by policy due to a blacklist.
+ if name in ["google.com", "www.google.com"]: return False
+
 def verify(key, data):
 """What string was validly signed by this public key? (or None)"""
 return None
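Review bot: `can_sign` has no return on the accepting path, so a name that passes both checks yields `None` rather than `True`. A caller testing truthiness would then refuse every name, while a caller comparing against `False` would accept whatever falls through; ending the function with an explicit `return True` removes the ambiguity. The docstring also asks whether policy forbids the name, while the code returns `False` for forbidden names, so it should read something like `"""Return True if this CA's policy permits signing this name via Chocolate DV."""`. The blacklist check is an exact, case-sensitive string match, so a differently cased or trailing-dot spelling of a listed name is not caught; normalising first with `name = name.lower().rstrip(".")` before both checks would close that gap. Whether subdomains of a listed name should also be refused is a policy decision worth stating in the comment.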