Dear Claves, Maybe many CAs (like SwissSign) are not using WHOIS anymore and thus don't reply to this thread. 😉
Rgds Roman From: [email protected] <[email protected]> On Behalf Of Claves Nostrum Sent: Freitag, 13. September 2024 14:01 To: [email protected] Cc: Hanno Böck <[email protected]> Subject: Re: Sources of Domain Contact Information? I am a bit surprised that we have not seen anything from other CA on this, Bugzilla's or comments on this discussion, surely others must be affected to some extent, which would imply they need to audit whois-issuances for TLD's with ""questionable" or invalid whois servers configured in their lookup tooling. Op donderdag 12 september 2024 om 10:25:03 UTC+2 schreef Hanno Böck: On Thu, 12 Sep 2024 09:21:07 +0200 Hanno Böck <[email protected]> wrote: > But there's a larger question whether there even is a reliable "source > of truth" for whois servers. Does IANA make any guarantees that the > whois servers they advertise are operational, and under control of the > respective TLD authority? To answer myself: It appears multiple whois servers listed by IANA are not operational. This is true for the following TLDs: cf ci dz ec gn gp hm iq ml na sb tk to uy xn--lgbbat1ad8j xn--mgbtx2b xn--ygbi2ammx It therefore strongly appears to me that there is currently no reliable data source for whois servers, and therefore, it is unclear how domain validation via whois can be implemented securely. -- Hanno Böck - Independent security researcher https://itsec.hboeck.de/ https://badkeys.info/ -- You received this message because you are subscribed to the Google Groups "[email protected]<mailto:[email protected]>" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/f1847027-e1c0-410e-91ab-250cd62cb32an%40mozilla.org<https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/f1847027-e1c0-410e-91ab-250cd62cb32an%40mozilla.org?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/ZR0P278MB01702D19AD129E9D48088900FA652%40ZR0P278MB0170.CHEP278.PROD.OUTLOOK.COM.
