[cabf_validation] Proposal for Adding RDAP

Tim Hollebeek tim.hollebeek at digicert.com
Tue May 1 10:55:46 MST 2018


Well, that’s why I phrased it the way I did.  It’s essentially a NOP today, but it will become less of one over time.  We could even change the second MUST to a SHOULD for now if people are concerned about rushing into things.



CAs SHOULD prefer RDAP when available. 

CAs MUST use authenticated HTTPS and/or RDAP methods when supported by the registry / registrar.


But I think that might not have majority support.  It does have the advantage that it slowly moves the industry towards modern, authenticated methods as registrars and registries start supporting them.  Which should only take a century or two.


I agree that it's unlikely to have support - even from browsers - in part as that RDAP is still in its pilot phase. Consider that ICANN's first RDAP profile resulted in a request for ICANN to *not* use that profile from the registries, and the pilot will end in July 2018. As exciting as RDAP is, let's not rush to something that is still (intentionally) going through careful rollout and experimentation.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180501/f9574f05/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20180501/f9574f05/attachment.p7s>

More information about the Validation mailing list