I second the call to remove WHOIS based DCV as well. This report has likely created copycat attacks.
On Thu, Sep 12, 2024 at 03:21 Hanno Böck <[email protected]> wrote:

> Hi,
>
> On Wed, 11 Sep 2024 06:53:28 -0700 (PDT)
> Claves Nostrum <[email protected]> wrote:
>
> > IANA says the whois server for whois.nic.mobi
> > (https://www.iana.org/domains/root/db/mobi.html)
> >
> > whois cmd util uses whois.afilias.net as the whois server for .mobi
> > (https://github.com/rfc1036/whois/blob/dc588f10ee8135e17b3a1b6934583476bcb67bed/tld_serv_list#L64)
>
> Related PR:
> https://github.com/rfc1036/whois/pull/176
>
> It appears there are more such problems:
> https://github.com/rfc1036/whois/issues/177
> "whois2.afilias-grs.net (the server for two TLDs) no longer exists, the
> domain is owned by some kinda sketchy parking service"
>
> https://github.com/rfc1036/whois/issues/179
> "Server for .bz is whois.afilias-grs.info associated with old 'Afilias'
> name, might need updating"
>
> This one looks particularly concerning, because it indicates the data
> on the IANA database is outdated/incorrect:
> https://github.com/rfc1036/whois/pull/178
>
>
> It appears to me that this is an extremely problematic situation.
> Existing whois tools hardcode whois servers, and the data is updated
> manually.
> That could be "fixed" by requiring CAs to make sure they use updated
> data.
>
> But there's a larger question whether there even is a reliable "source
> of truth" for whois servers. Does IANA make any guarantees that the
> whois servers they advertise are operational, and under control of the
> respective TLD authority?
>
> IMHO if there is no satisfying answer to these questions, whois data
> should no longer be allowed as a domain validation mechanism.
>
> --
> Hanno Böck
> https://hboeck.de/

--
You received this message because you are subscribed to the Google Groups "[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAOG%3DJUJLJGUq4DV1FOLNfFe4R%2BAh_VKVkJ%3Db5%2BOVh3CbXj78Nw%40mail.gmail.com.
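Added example, not part of the thread and not code from the rfc1036/whois project: a minimal drift check that flags TLDs whose hardcoded WHOIS server differs from an IANA-style record, the situation described above for .mobi. The two input layouts, the `.example` entries and all function names are assumptions, and the inputs are constructed; a finding only says the two sources disagree, not which one is right.

```python
import re

# Constructed excerpt in the style of a "<.tld> <server>" list with '#'
# comments. The .mobi and .bz values are the ones quoted in the thread;
# .example is made up.
TLD_SERV_LIST = """\
# constructed excerpt
.mobi\twhois.afilias.net
.bz\twhois.afilias-grs.info
.example\twhois.nic.example
"""

# Constructed IANA-style records ("key: value" blocks separated by blank
# lines). The .mobi value is the one quoted in the thread.
IANA_RECORDS = """\
domain:       MOBI
whois:        whois.nic.mobi

domain:       EXAMPLE
whois:        whois.nic.example
"""

def parse_tld_serv_list(text):
    """Map tld -> hardcoded server; entries that are not a plain hostname are skipped."""
    table = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0].startswith(".") and "." in parts[1]:
            table[parts[0][1:].lower()] = parts[1].lower().rstrip(".")
    return table

def parse_iana_records(text):
    """Map tld -> WHOIS server named in the record (None if the field is absent)."""
    table = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(re.findall(r"^(\w+):[ \t]*(\S+)", block, re.M))
        if "domain" in fields:
            table[fields["domain"].lower()] = fields.get("whois", "").lower().rstrip(".") or None
    return table

def find_drift(hardcoded, iana):
    """Return (tld, hardcoded, iana, reason) for every entry needing manual review."""
    findings = []
    for tld, server in sorted(hardcoded.items()):
        if tld not in iana:
            findings.append((tld, server, None, "no-iana-record"))
        elif iana[tld] != server:
            findings.append((tld, server, iana[tld], "mismatch"))
    return findings

if __name__ == "__main__":
    for f in find_drift(parse_tld_serv_list(TLD_SERV_LIST), parse_iana_records(IANA_RECORDS)):
        print(f)
```

A validation pipeline could treat any finding as a reason to stop relying on WHOIS for that TLD until a person has confirmed which server the registry actually operates.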
