Mozilla will endorse, too, if needed. Thanks, Ben On Mon, Sep 16, 2024 at 9:06 AM Pedro FUENTES via Servercert-wg < [email protected]> wrote:
> OISTE would endorse this initiative > > On 16 Sep 2024, at 16:32, Ryan Dickson via Servercert-wg < > [email protected]> wrote: > > All, > > In light of recent events where research from WatchTowr Labs demonstrated > how threat actors could exploit WHOIS to obtain fraudulently issued TLS > certificates [1] and follow-on discussions in MDSP [2][3], we drafted an > introductory proposal [4] to sunset the use of WHOIS for identifying Domain > Contacts. > > The proposal sets a prohibition against relying on WHOIS to identify > Domain Contacts beginning 11/1/2024. > > While publicly-trusted CA Owners are required to disclose and maintain > in-use DCV methods to the CCADB [5], the collected data lacks specificity, > hindering our ability to assess the extent of reliance on WHOIS and the > potential impact of transitioning away from it. > > Feedback on the proposal (preferably using comments or suggestions on the > Pull Request via GitHub) along with volunteers for endorsers would be > appreciated. > > Thanks, > Ryan > > P.S., I apologize if this effort is redundant to discussions already > taking place in the Forum, I was traveling last week and am catching up on > email. > > [1] > https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/ > <https://urldefense.proofpoint.com/v2/url?u=https-3A__labs.watchtowr.com_we-2Dspent-2D20-2Dto-2Dachieve-2Drce-2Dand-2Daccidentally-2Dbecame-2Dthe-2Dadmins-2Dof-2Dmobi_&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=1CJcldkOKNaH6Tu9kiTliBmTMzTdtFrQ0USL5juRHSkA78re2Z_FuT3Hr1z1Cd6m&s=qZzpnP-57sE4nQ6LxHM50ULVrjSKSIk2Fccl0d8PESE&e=> > [2] > https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/FuOi_uhQB6U > <https://urldefense.proofpoint.com/v2/url?u=https-3A__groups.google.com_a_mozilla.org_g_dev-2Dsecurity-2Dpolicy_c_FuOi-5FuhQB6U&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=1CJcldkOKNaH6Tu9kiTliBmTMzTdtFrQ0USL5juRHSkA78re2Z_FuT3Hr1z1Cd6m&s=31lolz5JP-8ykEL9HDAxaX6AcVj3rFj7LwOwRxwFkZg&e=> > [3] > https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/mAl9XjieSkA > <https://urldefense.proofpoint.com/v2/url?u=https-3A__groups.google.com_a_mozilla.org_g_dev-2Dsecurity-2Dpolicy_c_mAl9XjieSkA&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=1CJcldkOKNaH6Tu9kiTliBmTMzTdtFrQ0USL5juRHSkA78re2Z_FuT3Hr1z1Cd6m&s=37YIE6Jw_R8c8obIjNP3qo3yo9YW36r4WMZH76HyUGM&e=> > [4] https://github.com/cabforum/servercert/pull/548 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_servercert_pull_548&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=1CJcldkOKNaH6Tu9kiTliBmTMzTdtFrQ0USL5juRHSkA78re2Z_FuT3Hr1z1Cd6m&s=vBGh-YJqmgDPKGnq5cAcEuu__uSmeZaCK_EGoFkB-Kc&e=> > [5] > https://docs.google.com/spreadsheets/d/1IXL8Yk12gPQs8GXiosXCPLPgATJilaiVy-f9SbsMA28/edit?gid=268412787#gid=268412787 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.google.com_spreadsheets_d_1IXL8Yk12gPQs8GXiosXCPLPgATJilaiVy-2Df9SbsMA28_edit-3Fgid-3D268412787-23gid-3D268412787&d=DwMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=1CJcldkOKNaH6Tu9kiTliBmTMzTdtFrQ0USL5juRHSkA78re2Z_FuT3Hr1z1Cd6m&s=nHPN4vmJhl30c7Nh_y7NmG73eUtxjUstZR6YNcUH0o4&e=> > > _______________________________________________ > Servercert-wg mailing list > [email protected] > > https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_servercert-2Dwg&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=1CJcldkOKNaH6Tu9kiTliBmTMzTdtFrQ0USL5juRHSkA78re2Z_FuT3Hr1z1Cd6m&s=hOfLasOApOVBc0Uwo83PbDiIvJ4IjPP7O-hs7suejHw&e= > > > > > *WISeKey SA* > > *Pedro Fuentes*CSO - Trust Services Manager > Office: + 41 (0) 22 594 30 00 > Mobile: + 41 (0) 791 274 790 > Address: Avenue Louis-Casaï 58 | 1216 Cointrin | Switzerland > > *Stay connected with WISeKey <http://www.wisekey.com>* > *THIS IS A TRUSTED MAIL*: This message is digitally signed with a WISeKey > identity. If you get a mail from WISeKey please check the signature to > avoid security risks > > *CONFIDENTIALITY: *This email and any files transmitted with it can be > confidential and it’s intended solely for the use of the individual or > entity to which they are addressed. If you are not the named addressee > you should not disseminate, distribute or copy this e-mail. If you have > received this email in error please notify the sender > > *DISCLAIMER: *WISeKey does not warrant the accuracy or completeness of > this message and does not accept any liability for any errors or > omissions herein as this message has been transmitted over a public > network. Internet communications cannot be guaranteed to be secure or > error-free as information may be intercepted, corrupted, or contain > viruses. Attachments to this e-mail are checked for viruses; however, we do > not accept any liability for any damage sustained by viruses and therefore > you are kindly requested to check for viruses upon receipt. > > _______________________________________________ > Servercert-wg mailing list > [email protected] > https://lists.cabforum.org/mailman/listinfo/servercert-wg >
_______________________________________________ Servercert-wg mailing list [email protected] https://lists.cabforum.org/mailman/listinfo/servercert-wg
