[cabf_validation] Proposal for Adding RDAP

Wayne Thayer wthayer at mozilla.com
Fri Apr 27 13:30:36 MST 2018


The BRs as currently written use the term WHOIS in a number of places
without defining it. This creates ambiguity over the use of RDAP, the
successor protocol to WHOIS. There are a few ways to fix this - I propose
we simply add a definition for WHOIS that expressly includes RDAP. Here is
the proposed language:

*— MOTION BEGINS –*

This ballot modifies the “Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates” as follows, based upon Version
1.5.6:

In section 1.6.1, add the following definition:

WHOIS: the protocol defined in RFC 3912, the Registry Data Access Protocol
defined in RFC 7482, or an HTTPS website operated by a Domain Name
Registrar or registry operator that provides the same information.

*— MOTION ENDS –*

Does the inclusion of a 'website operated by a Registry or Registrar'
create issues? I believe that it is common practice for CAs to use sites
like https://www.networksolutions.com/whois/index.jsp or
https://www.nominet.uk/whois/, but I don't recall ever discussing the use
of websites that put a UI on top of port 43 queries.

Also, are there features of RDAP such as authentication that we SHOULD or
MUST require?

Thanks,

Wayne