[cabfpub] "Domain Name Registrar"

Peter Bowen pzb at amzn.com
Mon Aug 1 12:57:16 MST 2016


> On Aug 1, 2016, at 12:13 PM, geoffk at apple.com wrote:
> 
> 
>> On 1 Aug. 2016, at 9:52 am, Peter Bowen <pzb at amzn.com> wrote:
>> 
>> I’m familiar with the two sections.  However I’m not clear on the rules for what goes where.
> 
> I think it’s not really a bright-line situation.  And, importantly, not one that really matters for the purpose of certificate issuance; no matter how you do it, you need to check that the domain is authorized all the way back to the root, whether that’s by consulting an IANA list or whois or whatever; the classification of registrars is just so you don’t have to keep verifying “yes, Verisign still runs .com just as it did 30 seconds ago for the previous domain”.

I think it does matter for certificate issuance when using validation methods that don’t involve DNS lookup of the name being verified.  For example, if I want to send an email to the domain registrant, can I send it to the person who registered example.de.com with CentralNic or must it only go to the person who registered de.com (e.g. CentralNic themselves)?

Thanks,
Peter


More information about the Public mailing list