On Apr 15, 2013, at 5:34 PM, Geoffrey Keating wrote:
CAs use it as part of a procedure to determine whether it's safe to issue a wildcard domain (as in, if it's on the list, it's not safe). See <https://www.cabforum.org/Baseline_Requirements_V1_1_3.pdf>, section 11.1.3.
They'd really like to have a process which is less ad-hoc. For example, it'd be great if these points were annotated in the DNS itself, perhaps with a record which points to the corresponding whois server.
Concur - I think codifying DNS's dynamic structure in an outside medium is only going to cause problems down the road (e.g., especially with namespace diffusion from the likes of new gTLDs, etc.). While an unfortunate naming collision here (i.e., the "SOPA" RR), I think an approach such as [1] has some merit - but much work needs to be done.

-danny

[1] http://tools.ietf.org/html/draft-sullivan-domain-origin-assert-02
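As an added illustration of the check Geoffrey describes (example code, not from this thread or from any CA), a CA-side wildcard screen against a constructed excerpt of the Public Suffix List, applying the list's own matching rules (longest match wins, `*.` rules match any label, `!` rules are exceptions); the list contents and the function names are assumptions.

```python
# Constructed mini list in PSL file format; the real list is far larger.
PSL_TEXT = """
// ICANN section (constructed excerpt)
com
co.uk
uk
*.ck
!www.ck
// PRIVATE section (constructed excerpt)
github.io
"""

def parse_psl(text):
    """Keep the rule token of each non-empty, non-comment line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):
            continue
        rules.append(line.split()[0])
    return rules

def public_suffix(domain, rules):
    """Public suffix of `domain` under PSL rules: an exception rule prevails,
    else the matching rule with the most labels; no match means the TLD."""
    labels = domain.lower().rstrip(".").split(".")
    prevailing, is_exception = ["*"], False   # implicit default rule "*"
    for rule in rules:
        exception = rule.startswith("!")
        rl = (rule[1:] if exception else rule).split(".")
        if len(rl) > len(labels):
            continue
        if all(a == "*" or a == b for a, b in zip(rl, labels[-len(rl):])):
            if exception:
                prevailing, is_exception = rl, True
                break
            if len(rl) > len(prevailing):
                prevailing = rl
    # An exception rule's suffix is the rule minus its leftmost label.
    n = len(prevailing) - 1 if is_exception else len(prevailing)
    return ".".join(labels[-n:])

def wildcard_allowed(wildcard_name, rules):
    """'*.base' is refusable when base itself is a public suffix, because the
    wildcard would then cover names belonging to unrelated registrants."""
    if not wildcard_name.startswith("*."):
        raise ValueError("not a wildcard name")
    base = wildcard_name[2:].lower().rstrip(".")
    return public_suffix(base, rules) != base

RULES = parse_psl(PSL_TEXT)
```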