Confirm, administrator
5,526
edits
Changes
→CA Recommended Practices
=== Revocation of Compromised Certificates ===
* CAs should revoke certificates with private keys that are known to be compromised, or for which verification of subscriber information is known to be invalid.
=== Using third-party websites to get WHOIS data ===
[http://en.wikipedia.org/wiki/WHOIS WHOIS] may be used by some CAs as a source of information for checking
ownership/control of the domain name for SSL certificate applications. WHOIS information may be subject to compromise. CAs are responsible for implementing appropriate methods to reduce the risk of compromise. For example, direct command line, HTTPS to the original registrar, or correlating multiple sources. The CA should include information in their CP/CPS about the method that they use to validate the integrity of the data.
== Notes for future work ==
