[cabf_validation] Proposal for Adding RDAP

Wayne Thayer wthayer at mozilla.com
Fri Apr 27 13:30:36 MST 2018

The BRs as currently written use the term WHOIS in a number of places
without defining it. This creates ambiguity over the use of RDAP, the
successor protocol to WHOIS. There are a few ways to fix this - I propose
we simply add a definition for WHOIS that expressly includes RDAP. Here is
the proposed language:


This ballot modifies the “Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates” as follows, based upon Version

In section 1.6.1, add the following definition:

WHOIS: the protocol defined in RFC 3912, the Registry Data Access Protocol
defined in RFC 7482, or an HTTPS website operated by a Domain Name
Registrar or registry operator that provides the same information.

Does the inclusion of a 'website operated by a Registry or Registrar'
create issues? I believe that it is common practice for CAs to use sites
like https://www.networksolutions.com/whois/index.jsp or
https://www.nominet.uk/whois/, but I don't recall ever discussing the use
of websites that put a UI on top of port 43 queries.

Also, are there features of RDAP such as authentication that we SHOULD or
MUST require?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180427/81f41753/attachment.html>

More information about the Validation mailing list