Line 31: | Line 31: | ||
CAs should revoke certificates with private keys that are known to be compromised, or for which verification of subscriber information is known to be invalid. | CAs should revoke certificates with private keys that are known to be compromised, or for which verification of subscriber information is known to be invalid. | ||
=== | === Verifying Domain Name Ownership/Control === | ||
[http://en.wikipedia.org/wiki/WHOIS WHOIS] may be used by some CAs as a source of information for checking | [http://en.wikipedia.org/wiki/WHOIS WHOIS] may be used by some CAs as a source of information for checking | ||
ownership/control of the domain name for SSL certificate applications. WHOIS information may be subject to compromise. CAs are responsible for implementing appropriate methods to reduce the risk of compromise. For example, direct command line, HTTPS to the original registrar, or correlating multiple sources. The CA should include information in their CP/CPS about the method that they use to validate the integrity of the data. | ownership/control of the domain name for SSL certificate applications. WHOIS information may be subject to compromise. CAs are responsible for implementing appropriate methods to reduce the risk of compromise. For example, direct command line, HTTPS to the original registrar, or correlating multiple sources. The CA should include information in their CP/CPS about the method that they use to validate the integrity of the data. |
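Review bot: The new heading "Verifying Domain Name Ownership/Control" is broader than the paragraph under it, which only discusses WHOIS as an information source; either narrow the heading to WHOIS or extend the section to the other ownership/control checks it is meant to cover. In the same paragraph, "For example, direct command line, HTTPS to the original registrar, or correlating multiple sources." is a sentence fragment and does not say what these are examples of; suggest attaching it to the preceding sentence so it reads as a list of methods for reducing the risk of compromised WHOIS data. The last sentence asks the CA to document "the method that they use to validate the integrity of the data" without saying which data; naming it as the WHOIS data would remove the ambiguity.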