[gnso-rds-pdp-wg] Use case for WHOIS/RDP

Rob Golding rob.golding at astutium.com
Tue Aug 16 15:17:57 UTC 2016


> That’s an interesting mental exercise, as what the CAs basically do is tie a domain name to an entity using an authoritative source - exactly what whois is today and an RDS would be in the future (in theory).

Certificate type dependent - the bulk of certs by the main CAs are validated by one of 4 methods:

1. trust in the people ordering it

2. by sending an email to (admin/administrator/webmaster/postmaster)@(thedomain) with a code/link
(i.e. can they get/respond to an email)

3. simple nslookup of a CNAME containing the MD5 of the CSR
(i.e. do they have access to edit the dns entries)

4. placement of a code/snippet/file on a website
(i.e. do they have some form of file-level access to the hosting)

Only for certain certificate types do they do things like look at "official" document sources to try and verify the provided data = some other database (and they don’t use WHOIS for that, they use the phone book!) and/or ask for scans (or faxes) of a utility bill etc.


Rob
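
Added example, not part of the message above and not any CA's own code: the checks behind methods 2 and 3 from the list, in Python, showing that each one proves control of a mailbox or of DNS rather than the identity of a registrant. The function names, the record layout (MD5 as the leftmost label of the CNAME owner name), the placeholder CSR bytes and the zone entries are assumptions constructed for illustration.

```python
import hashlib

# The four local parts listed in the message for email-based validation.
APPROVAL_LOCAL_PARTS = ("admin", "administrator", "webmaster", "postmaster")


def approval_mailboxes(domain: str) -> list[str]:
    """Addresses that would receive the code/link for the email check (method 2)."""
    domain = domain.strip().rstrip(".").lower()
    return [f"{local}@{domain}" for local in APPROVAL_LOCAL_PARTS]


def csr_md5(csr_bytes: bytes) -> str:
    """Hex MD5 of the CSR bytes, the token looked up in DNS (method 3)."""
    return hashlib.md5(csr_bytes).hexdigest()


def dns_challenge_passes(domain: str, csr_bytes: bytes, cname_records) -> bool:
    """True if a CNAME under `domain` carries this CSR's MD5.

    ASSUMPTION: the token is the leftmost label of the record's owner name.
    The message only says the CNAME "contains" the MD5; each CA defines
    its own exact record layout.
    """
    domain = domain.strip().rstrip(".").lower()
    expected_owner = f"{csr_md5(csr_bytes)}.{domain}"
    for owner, _target in cname_records:
        if owner.rstrip(".").lower() == expected_owner:
            return True
    return False


# Constructed sample data: placeholder bytes standing in for a DER-encoded CSR,
# and a hand-built list of (owner, target) CNAME pairs instead of a live lookup.
SAMPLE_CSR = b"constructed-placeholder-csr-for-example.com"
OTHER_CSR = b"constructed-placeholder-csr-from-someone-else"
SAMPLE_ZONE = [
    ("www.example.com.", "hosting.example.net."),
    (f"{csr_md5(SAMPLE_CSR)}.example.com.", "validation.ca.invalid."),
]

if __name__ == "__main__":
    print(approval_mailboxes("Example.com"))
    # Passes only for the CSR whose hash was published by whoever edits the zone.
    print(dns_challenge_passes("example.com", SAMPLE_CSR, SAMPLE_ZONE))
    print(dns_challenge_passes("example.com", OTHER_CSR, SAMPLE_ZONE))
```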


