Confirmed users, Administrators
5,526
edits
CA/Forbidden or Problematic Practices: Difference between revisions
CA/Forbidden or Problematic Practices (view source)
Revision as of 22:25, 14 July 2009
, 14 July 2009→Using third-party websites to get WHOIS data
| Line 65: | Line 65: | ||
=== Using third-party websites to get WHOIS data === | === Using third-party websites to get WHOIS data === | ||
[http://en.wikipedia.org/wiki/WHOIS WHOIS] may be used by some CAs as a source of information for checking | [http://en.wikipedia.org/wiki/WHOIS WHOIS] may be used by some CAs as a source of information for checking | ||
ownership/control of the domain name for SSL certificate applications. WHOIS information may be subject to compromise. CAs are responsible for implementing appropriate methods to reduce the risk of compromise. For example, direct command line, HTTPS to the original registrar, or correlating multiple sources. The CA should include information in their CPS | ownership/control of the domain name for SSL certificate applications. WHOIS information may be subject to compromise. CAs are responsible for implementing appropriate methods to reduce the risk of compromise. For example, direct command line, HTTPS to the original registrar, or correlating multiple sources. The CA should include information in their CPS about the method that they use to validate the integrity of the data | ||