[Servercert-wg] [External Sender] Re: Re: Discussion Period Begins - Ballot SC-080 V1: "Sunsetting use of WHOIS to identify Domain Contacts"
Q Misell
q at as207960.net
Wed Sep 18 09:13:17 UTC 2024
Consulting with the IANA registrar falls apart when a reseller is involved.
Sometimes the correct contact data is held by a reseller not the registrar
of record.
I don't think we should allow validation based on Registration Directory
Services <https://www.icann.org/resources/pages/whois-rdds-2023-11-02-en>
knowing how unreliable they can be.
------------------------------
Any statements contained in this email are personal to the author and are
not necessarily the statements of the company unless specifically stated.
AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
registered in Wales under № 12417574
<https://find-and-update.company-information.service.gov.uk/company/12417574>,
LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
<https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU
VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
Digital, is a company registered in Estonia under № 16755226. Estonian VAT
№: EE102625532. Glauca Digital and the Glauca logo are registered
trademarks in the UK, under № UK00003718474 and № UK00003718468,
respectively.
On Wed, 18 Sept 2024 at 10:59, Amir Omidi via Servercert-wg <
servercert-wg at cabforum.org> wrote:
> I do not agree. What’s the point of keeping this bespoke method available?
> These options create complexity and complexity creates security
> vulnerabilities. In what situation would this method be useful where DNS
> currently can’t solve that need?
>
> On Wed, Sep 18, 2024 at 04:56 Adriano Santoni via Servercert-wg <
> servercert-wg at cabforum.org> wrote:
>
>> I agree if by "WHOIS-related" methods we mean any method based on the
>> WHOIS protocol, either directly or via protocol gateways (e.g. web-based
>> interfaces to WHOIS records). And I support the WHOIS deprecation
>> initiative in this sense, since it has been shown that it may be unreliable.
>>
>> However, where the domain contacts information is obtained, e.g. via the
>> web, from an IANA-accredited domain registrar and is *not* based on WHIOS,
>> then I think it can be used.
>> I assume everyone agrees as long as no one raises a hand to object.
>>
>>
>> Adriano
>>
>> Il 17/09/2024 18:04, Pedro FUENTES ha scritto:
>>
>> Could it be that we all agree that WHOIS-related method are so tricky
>> that it deserves to be ditched and the only thing to requires consensus is
>> the deadline to apply?
>>
>> On my particular side, I personally consider that 1/1/2025 is a
>> reasonable date.
>>
>> Le 17 sept. 2024 à 17:59, Adriano Santoni via Servercert-wg
>> <servercert-wg at cabforum.org> <servercert-wg at cabforum.org> a écrit :
>>
>>
>>
>> Andrew,
>>
>> I was not referring to any WHOIS server, but rather to the information
>> about domain "owners" that a registrar is supposed to collect and keep.
>>
>> So you believe that if a CA does the following, the domain contact email
>> they can (sometimes) get is *unreliable*?
>>
>> 1) Consult the list of accredited domain registrars on the IANA website (
>> https://www.icann.org/en/accredited-registrars), thus finding
>> confirmation of one particular registrar's website the CA was looking for.
>> 2) Access the website found in point 1 above and query the information
>> available on a certain domain.
>> 3) At this point, sometimes (rarely) obtain, among other information,
>> also the email address of a domain contact.
>>
>> Note that here I'm not talking about the WHOIS protocol nor WHOIS
>> servers, but about the information that the domain registrar has the duty
>> to collect and store (not necessarily publish) about the subject who
>> registered a domain.
>>
>> Regards,
>>
>> Adriano
>>
>>
>> Il 17/09/2024 17:13, Andrew Ayer ha scritto:
>>
>> [NOTICE: Pay attention - external email - Sender is agwa at andrewayer.name ]
>>
>>
>>
>>
>>
>> On Tue, 17 Sep 2024 07:21:28 +0000
>> Adriano Santoni via Servercert-wg <servercert-wg at cabforum.org> <servercert-wg at cabforum.org> wrote:
>>
>>
>> I believe that the /interactive
>> /query of the domain registrar, directly on its website, can be
>> considered reliable to the extent that the CA is confident that it is in
>> fact consulting the "right" website.
>>
>> CAs were not consulting the right WHOIS server, despite a database of
>> correct WHOIS servers existing (at least for gTLDs). How would the problem
>> be better when it comes to finding the "right" website?
>>
>> The gTLD registry agreement requires gTLD operators to update the IANA
>> Rootzone Database when their WHOIS server changes; I don't see a
>> similar requirement for keeping a database of website URLs up-to-date.
>>
>> Regards,
>> Andrew
>>
>> _______________________________________________
>> Servercert-wg mailing list
>> Servercert-wg at cabforum.org
>>
>> https://e.as207960.net/w4bdyj/NWzntznOUp7h3WkL
>>
>> _______________________________________________
>> Servercert-wg mailing list
>> Servercert-wg at cabforum.org
>> https://e.as207960.net/w4bdyj/OmfLbIIamHffxlvR
>>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://e.as207960.net/w4bdyj/ITHGq93o5ROoDiAt
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240918/4519edfd/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4640 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240918/4519edfd/attachment.p7s>
More information about the Servercert-wg
mailing list