> On 23 Jan 2018, at 16:50, Sebastian Nielsen <[email protected]> wrote: > > I think that it could be acceptable to "reuse" an old validation provided > WHOIS is checked right?
As a general rule, relying on the accuracy of whois data for *anything* is remarkably stupid. Some registries try hard to publish accurate whois data, but there are only a few who do that. > if a hash is made of all the WHOIS data, and all the WHOIS data stays > identical from last validation, then theres proof that control of domain has > not shifted in the meantime, No. All that "proves" is the whois data were not changed. Control of the domain may well have taken place without a corresponding update to the whois data. For instance, lazy/incompetent registrars or registries that get this wrong. Or the use of privacy/proxy services which may well leave the whois data unchanged whenever the domain name holder changes. Or when a domain name holder's business gets acquired by another. Oh and in some cases, contact data about a domain name holder can't be published in whois because of data protection legislation. This issue is going to get a *whole lot* worse once GDPR kicks in. _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
