Confirmed users, Administrators
5,526
edits
CA/Forbidden or Problematic Practices: Difference between revisions
CA/Forbidden or Problematic Practices (view source)
Revision as of 22:23, 14 July 2009
, 14 July 2009→Potentially problematic CA practices
(Added generic CA names as a problematic practice) |
|||
| Line 62: | Line 62: | ||
Our recommendation is that all CA names incorporate an organizational name or product brand name sufficiently unique to allow relatively straightforward identification of the CA. | Our recommendation is that all CA names incorporate an organizational name or product brand name sufficiently unique to allow relatively straightforward identification of the CA. | ||
=== Using third-party websites to get WHOIS data === | |||
[http://en.wikipedia.org/wiki/WHOIS WHOIS] may be used by some CAs as a source of information for checking | |||
ownership/control of the domain name for SSL certificate applications. WHOIS information may be subject to compromise. CAs are responsible for implementing appropriate methods to reduce the risk of compromise. For example, direct command line, HTTPS to the original registrar, or correlating multiple sources. The CA should include information in their CPS that describes the method that they use to validate the integrity of the data | |||