[gnso-rds-pdp-wg] Use case for WHOIS/RDP
Rob Golding
rob.golding at astutium.com
Tue Aug 16 16:02:40 UTC 2016
> As to alternatives, your suggestions regarding using contact info on websites won't work in a vast number of cases,
> because the certificate is often acquired before the website goes live
I have never known a CA issue an EV certificate without requiring that there be a website, with the correct (requestors) contact information on it (and that contact information matches a-n-other 3rd party system like the utility)
Internet != Web of course (and we've organised plenty of certificates where there isn't and never is expected to be a website but the encryption is still necessary)
> On top of that, there's no support for an assumption that websites will have contact info on them, in those cases (e.g.., renewal) where the site is live.
It's a legal requirement in some jurisdictions, and at least 2 CAs I've obtained certificates from check the sites at least at SSL order time (and as they expire does mean periodic rechecks)
> I am unaware of any report that shows sales data related to SSL/TLS certs
Ironically, as the expiry date etc in an SSL Cert is "public", certificate holders face growing numbers of targeting phishing scams following the "fake renewal notice" methodology that has plagued domain Registrants for years (due to domain data being "public")
Rob
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the gnso-rds-pdp-wg
mailing list