[Servercert-wg] Discussion Period Begins - Ballot SC-080 V1: "Sunsetting use of WHOIS to identify Domain Contacts"

Andrew Ayer agwa at andrewayer.name
Tue Sep 17 15:13:41 UTC 2024


On Tue, 17 Sep 2024 07:21:28 +0000
Adriano Santoni via Servercert-wg <servercert-wg at cabforum.org> wrote:

> I believe that the /interactive 
> /query of the domain registrar, directly on its website, can be 
> considered reliable to the extent that the CA is confident that it is in 
> fact consulting the "right" website.

CAs were not consulting the right WHOIS server, despite a database of
correct WHOIS servers existing (at least for gTLDs).  How would the problem
be better when it comes to finding the "right" website?

The gTLD registry agreement requires gTLD operators to update the IANA
Rootzone Database when their WHOIS server changes; I don't see a
similar requirement for keeping a database of website URLs up-to-date.

Regards,
Andrew


More information about the Servercert-wg mailing list