[Servercert-wg] [EXTERNAL] Update definition of IP Address Contact in the BRs
Paul van Brouwershaven
Paul.vanBrouwershaven at entrust.com
Thu Feb 4 08:31:59 UTC 2021
The problem is that many DNS providers default this value to an address of their own.
Where many in-addr.arpa zones are probably operated by range owner in some automated system, some smaller ranges might be delegated to a DNS provider. There are for example almost 3000 zones hosted on AWS Route 53, some sampling showed that many have the address 'awsdns-hostmaster at amazon.com' in the SOA record.
Some providers you might be allowed to change it, but if it's not changed you would make a third party the IP address contact.
________________________________
From: Servercert-wg <servercert-wg-bounces at cabforum.org> on behalf of Dimitris Zacharopoulos (HARICA) via Servercert-wg <servercert-wg at cabforum.org>
Sent: Thursday, February 4, 2021 08:24
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [EXTERNAL] [Servercert-wg] Update definition of IP Address Contact in the BRs
WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________
I would like to propose an amendment to the definition "IP Address Contact". Following the example of a "Domain Contact", for consistency we should allow a CA to use the DNS SOA record as IP Address Contact information.
Current definition:
IP Address Contact: The person(s) or entity(ies) registered with an IP Address Registration Authority as having the right to control how one or more IP Addresses are used.
Proposed new definition:
IP Address Contact: The person(s) or entity(ies) registered with an IP Address Registration Authority or in a DNS SOA record as having the right to control how one or more IP Addresses are used.
Are there any objections or concerns with this proposal?
Thank you,
Dimitris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210204/c5ce6d51/attachment.html>
More information about the Servercert-wg
mailing list