[Servercert-wg] [EXTERNAL] Update definition of IP Address Contact in the BRs

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Feb 4 10:28:22 UTC 2021 


On 4/2/2021 10:31 π.μ., Paul van Brouwershaven wrote:
> The problem is that many DNS providers default this value to an 
> address of their own.
>
> Where many in-addr.arpa zones are probably operated by range owner in 
> some automated system, some smaller ranges might be delegated to a DNS 
> provider. There are for example almost 3000 zones hosted on AWS Route 
> 53, some sampling showed that many have the address 
> 'awsdns-hostmaster at amazon.com' in the SOA record.
>
> Some providers you might be allowed to change it, but if it's not 
> changed you would make a third party the IP address contact.

Regardless of this field being used by ISPs, it is an authorized area 
for an IP address holder to add authoritative contact email information. 
This is the case for many PI address spaces used today.

Dimitris.



> ------------------------------------------------------------------------
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> on behalf 
> of Dimitris Zacharopoulos (HARICA) via Servercert-wg 
> <servercert-wg at cabforum.org>
> *Sent:* Thursday, February 4, 2021 08:24
> *To:* CA/B Forum Server Certificate WG Public Discussion List 
> <servercert-wg at cabforum.org>
> *Subject:* [EXTERNAL] [Servercert-wg] Update definition of IP Address 
> Contact in the BRs
> WARNING: This email originated outside of Entrust.
> DO NOT CLICK links or attachments unless you trust the sender and know 
> the content is safe.
> ------------------------------------------------------------------------
> I would like to propose an amendment to the definition "IP Address 
> Contact". Following the example of a "Domain Contact", for consistency 
> we should allow a CA to use the DNS SOA record as IP Address Contact 
> information.
>
> Current definition:
>
> /*IP Address Contact*//: The person(s) or entity(ies) registered with 
> an IP Address Registration Authority as having the right to control 
> how one or more IP Addresses are used./
>
> Proposed new definition:
> /
> //*IP Address Contact*//: The person(s) or entity(ies) registered with 
> an IP Address Registration Authorityor in a DNS SOA record as having 
> the right to control how one or more IP Addresses are used./
>
> Are there any objections or concerns with this proposal?
>
>
> Thank you,
> Dimitris.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210204/b4b4769a/attachment.html>

More information about the Servercert-wg mailing list