[Servercert-wg] [External Sender] Re: Discussion Period Begins - Ballot SC-080 V1: "Sunsetting use of WHOIS to identify Domain Contacts"

Adriano Santoni adriano.santoni at staff.aruba.it
Tue Sep 17 15:59:12 UTC 2024 

Andrew,

I was not referring to any WHOIS server, but rather to the information 
about domain "owners" that a registrar is supposed to collect and keep.

So you believe that if a CA does the following, the domain contact email 
they can (sometimes) get is /unreliable/?

1) Consult the list of accredited domain registrars on the IANA website 
(https://www.icann.org/en/accredited-registrars), thus finding 
confirmation of one particular registrar's website the CA was looking for.
2) Access the website found in point 1 above and query the information 
available on a certain domain.
3) At this point, sometimes (rarely) obtain, among other information, 
also the email address of a domain contact.

Note that here I'm not talking about the WHOIS protocol nor WHOIS 
servers, but about the information that the domain registrar has the 
duty to collect and store (not necessarily publish) about the subject 
who registered a domain.

Regards,

Adriano


Il 17/09/2024 17:13, Andrew Ayer ha scritto:
> [NOTICE: Pay attention - external email - Sender isagwa at andrewayer.name ]
>
>
>
>
>
> On Tue, 17 Sep 2024 07:21:28 +0000
> Adriano Santoni via Servercert-wg<servercert-wg at cabforum.org> wrote:
>
>> I believe that the /interactive
>> /query of the domain registrar, directly on its website, can be
>> considered reliable to the extent that the CA is confident that it is in
>> fact consulting the "right" website.
> CAs were not consulting the right WHOIS server, despite a database of
> correct WHOIS servers existing (at least for gTLDs).  How would the problem
> be better when it comes to finding the "right" website?
>
> The gTLD registry agreement requires gTLD operators to update the IANA
> Rootzone Database when their WHOIS server changes; I don't see a
> similar requirement for keeping a database of website URLs up-to-date.
>
> Regards,
> Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240917/d71df4c5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4857 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240917/d71df4c5/attachment.p7s>

More information about the Servercert-wg mailing list