[gnso-rds-pdp-wg] Use case for WHOIS/RDP
Rob Golding
rob.golding at astutium.com
Tue Aug 16 15:17:57 UTC 2016
> That’s an interesting mental exercise, as what the CAs basically do is tie a domain name to an entity using an authoritative source - exactly what whois is today and an RDS would be in the future (in theory).
Certificate type dependent - the bulk of certs by the main CAs are validated by one of 4 methods:
1. trust in the people ordering it
2. by sending an email to (admin/administrator/webmaster/postmaster)@(thedomain) with a code/link
(i.e. can they get/respond to an email)
3. simple nslookup of a CNAME containing the MD5 of the CSR
(i.e. do they have access to edit the dns entries)
4. placement of a code/snippet/file on a website
(i.e. do they have some form of file-level access to the hosting)
Only for certain certificate types do they do things like look at "official" document sources to try and verify the provided data = some other database (and they don’t use WHOIS for that, they use the phone book!) and/or ask for scans (or faxes) of a utility bill etc.
Rob