On 17/9/2024 7:05 PM, Pedro FUENTES via Servercert-wg wrote:
Could it be that we all agree that WHOIS-related methods are so tricky
that they deserve to be ditched and the only thing that requires
consensus is the deadline to apply?
Can you explain what you mean by "tricky"? We have several challenging
requirements in the BRs that could also be considered "tricky" :)
Dimitris.
On my particular side, I personally consider that 1/1/2025 is a
reasonable date.
On 17 Sept. 2024 at 17:59, Adriano Santoni via Servercert-wg
<[email protected]> wrote:
Andrew,
I was not referring to any WHOIS server, but rather to the
information about domain "owners" that a registrar is supposed to
collect and keep.
So you believe that if a CA does the following, the domain contact
email they can (sometimes) get is /unreliable/?
1) Consult the list of accredited domain registrars on the IANA
website (https://www.icann.org/en/accredited-registrars), thus
finding confirmation of one particular registrar's website the CA was
looking for.
2) Access the website found in point 1 above and query the
information available on a certain domain.
3) At this point, sometimes (rarely) obtain, among other information,
also the email address of a domain contact.
Note that here I'm not talking about the WHOIS protocol nor WHOIS
servers, but about the information that the domain registrar has the
duty to collect and store (not necessarily publish) about the subject
who registered a domain.
Regards,
Adriano
On 17/09/2024 17:13, Andrew Ayer wrote:
On Tue, 17 Sep 2024 07:21:28 +0000
Adriano Santoni via Servercert-wg <[email protected]> wrote:
I believe that the /interactive/ query of the domain registrar,
directly on its website, can be
considered reliable to the extent that the CA is confident that it is in
fact consulting the "right" website.
CAs were not consulting the right WHOIS server, despite a database of
correct WHOIS servers existing (at least for gTLDs). How would the problem
be better when it comes to finding the "right" website?
The gTLD registry agreement requires gTLD operators to update the IANA
Rootzone Database when their WHOIS server changes; I don't see a
similar requirement for keeping a database of website URLs up-to-date.
Regards,
Andrew
_______________________________________________
Servercert-wg mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/servercert-wg