[cabfpub] Restrict certificate lifetime to domain registration period (if certificate expiry date is greater than domain registration)
james at sirburton.com
Fri Jan 12 04:33:48 MST 2018
I will compile a spreadsheet of whois availability of all TLDs listed here:
https://www.iana.org/domains/root/db and get back to you with the results.
On Fri, Jan 12, 2018 at 8:05 AM, Ryan Sleevi <sleevi at google.com> wrote:
> On Thu, Jan 11, 2018 at 7:52 PM, James Burton <james at sirburton.com> wrote:
>> *The Baseline Requirements, Section 22.214.171.124, requires that the CA revoke
>> *6. The CA is made aware of any circumstance indicating that use of a
>> Fully-Qualified Domain Name or IP*
>> *address in the Certificate is no longer legally permitted (e.g. a court
>> or arbitrator has revoked a Domain Name*
>> *Registrant’s right to use the Domain Name, a relevant licensing or
>> services agreement between the Domain*
>> *Name Registrant and the Applicant has terminated, or the Domain Name
>> Registrant has failed to renew the*
>> *Domain Name); *
>> It would be great if one or more of the CAs here could provide me with
>> some yearly statistics of certificates revoked due to these circumstances
>> listed above.
>> *In order to do something as you propose, it must be possible to
>> determine the domain registration period. How do you propose to do that
>> consistently for all domains? (It's not actually available consistently).*
>> All registries must provide a whois/status service, so determining the
>> domain registration period is as simple as hot knife going through butter.
> While true for ICANN-contracted TLDs, there are TLDs beyond those - such
> as ccTLDs. That's what I was referring to, as it was recently discussed in
> the Forum regarding 126.96.36.199.1 methods of validation, and is (as some
> members noted), part of why 188.8.131.52.1 exists.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public