[cabfpub] "Domain Name Registrar"

Rich Smith richard.smith at comodo.com
Tue Aug 2 19:24:05 UTC 2016


On 8/1/2016 4:53 PM, Geoff Keating wrote:
>
>> On 1 Aug. 2016, at 12:57 pm, Peter Bowen <pzb at amzn.com> wrote:
>>
>>
>>> On Aug 1, 2016, at 12:13 PM, geoffk at apple.com wrote:
>>>
>>>
>>>> On 1 Aug. 2016, at 9:52 am, Peter Bowen <pzb at amzn.com> wrote:
>>>>
>>>> I'm familiar with the two sections.  However I'm not clear on the 
>>>> rules for what goes where.
>>>
>>> I think it's not really a bright-line situation.  And, importantly, 
>>> not one that really matters for the purpose of certificate issuance; 
>>> no matter how you do it, you need to check that the domain is 
>>> authorized all the way back to the root, whether that's by 
>>> consulting an IANA list or whois or whatever; the classification of 
>>> registrars is just so you don't have to keep verifying "yes, 
>>> Verisign still runs .com just as it did 30 seconds ago for the 
>>> previous domain".
>>
>> I think it does matter for certificate issuance when using validation 
>> methods that don't involve DNS lookup of the name being verified. 
>> For example, if I want to send an email to the domain registrant, 
>> can I send it to the person who registered example.de.com with 
>> CentralNic or must it only go to the person who registered de.com 
>> (e.g. CentralNic themselves)?
>
> That's what I mean by 'all the way back': you can get the e-mail 
> address from CentralNic, but you also need to check that CentralNic 
> does actually own de.com.  It is not wrong to e-mail CentralNic and 
> accept their answer in this case, although it might be ineffective.
How often?  As you said, the classification for registrars is just so 
you don't have to keep verifying that Verisign still controls .com every 
30 seconds.  So how often should one need to re-verify that CentralNic 
still controls de.com?  And by that reasoning shouldn't one need to 
re-verify that Verisign still controls .com with the same frequency?
