{"id":64810,"date":"2024-09-20T20:53:25","date_gmt":"2024-09-20T20:53:25","guid":{"rendered":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/"},"modified":"2024-09-20T20:53:25","modified_gmt":"2024-09-20T20:53:25","slug":"google-calls-for-halting-use-of-whois-for-tls-domain-verifications","status":"publish","type":"post","link":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/","title":{"rendered":"Google calls for halting use of WHOIS for TLS domain verifications"},"content":{"rendered":"<div>\n<div id=\"rss-wrap\">\n<figure class=\"intro-image intro-left\">\n  <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/06\/security-800x534.jpeg\" alt=\"Google calls for halting use of WHOIS for TLS domain verifications\" \/><\/p>\n<p class=\"caption\" style=\"font-size:0.8em\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/06\/security.jpeg\" class=\"enlarge-link\" data-height=\"667\" data-width=\"1000\">Enlarge<\/a> (credit: Getty Images)<\/p>\n<\/figure>\n<div><a name=\"page-1\"><\/a><\/div>\n<p>Certificate authorities and browser makers are planning to end the use of <a href=\"https:\/\/en.wikipedia.org\/wiki\/WHOIS\">WHOIS<\/a> data verifying domain ownership following a report that demonstrated how threat actors could abuse the process to obtain fraudulently issued TLS certificates.<\/p>\n<p>TLS certificates are the cryptographic credentials that underpin HTTPS connections, a critical component of online communications verifying that a server belongs to a trusted entity and encrypts all traffic passing between it and an end user. These credentials are issued by any one of hundreds of CAs (certificate authorities) to domain owners. The rules for how certificates are issued and the process for verifying the rightful owner of a domain are left to the <a href=\"https:\/\/cabforum.org\/\">CA\/Browser Forum<\/a>. One &#8220;base requirement rule&#8221; allows CAs to send an email to an address listed in the WHOIS record for the domain being applied for. When the receiver clicks an enclosed link, the certificate is automatically approved.<\/p>\n<h2>Non-trivial dependencies<\/h2>\n<p>Researchers from security firm watchTowr recently demonstrated how threat actors could abuse the rule to <a href=\"https:\/\/arstechnica.com\/security\/2024\/09\/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have\/\">obtain fraudulently issued certificates<\/a> for domains they didn\u2019t own. The security failure resulted from a lack of uniform rules for determining the validity of sites claiming to provide official WHOIS records.<\/p>\n<\/div>\n<p><a href=\"https:\/\/arstechnica.com\/?p=2051511#p3\">Read 8 remaining paragraphs<\/a> | <a href=\"https:\/\/arstechnica.com\/?p=2051511&amp;comments=1\">Comments<\/a><\/p>\n<\/div>\n<p class=\"wpematico_credit\"><small>Powered by <a href=\"http:\/\/www.wpematico.com\" target=\"_blank\" rel=\"noopener\">WPeMatico<\/a><\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Enlarge (credit: Getty Images) Certificate authorities and browser makers are planning to end the use of WHOIS data verifying domain ownership following a report that demonstrated how threat actors could abuse the process to obtain fraudulently issued TLS certificates. TLS certificates are the cryptographic credentials that underpin HTTPS connections, a critical component of online communications verifying that a server belongs to a trusted entity and encrypts all traffic passing between&#8230;<\/p>\n","protected":false},"author":1,"featured_media":64811,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[241],"tags":[],"class_list":["post-64810","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Google calls for halting use of WHOIS for TLS domain verifications - UshopWell.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Google calls for halting use of WHOIS for TLS domain verifications - UshopWell.com\" \/>\n<meta property=\"og:description\" content=\"Enlarge (credit: Getty Images) Certificate authorities and browser makers are planning to end the use of WHOIS data verifying domain ownership following a report that demonstrated how threat actors could abuse the process to obtain fraudulently issued TLS certificates. TLS certificates are the cryptographic credentials that underpin HTTPS connections, a critical component of online communications verifying that a server belongs to a trusted entity and encrypts all traffic passing between...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/\" \/>\n<meta property=\"og:site_name\" content=\"UshopWell.com\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-20T20:53:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/09\/security-800x534-1.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"534\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"UShopWell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"UShopWell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/\"},\"author\":{\"name\":\"UShopWell\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/person\\\/6fd1f9e0ff932e534c86c70d5acff0fc\"},\"headline\":\"Google calls for halting use of WHOIS for TLS domain verifications\",\"datePublished\":\"2024-09-20T20:53:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/\"},\"wordCount\":219,\"publisher\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/security-800x534-1.jpeg\",\"articleSection\":[\"Technology\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/\",\"name\":\"Google calls for halting use of WHOIS for TLS domain verifications - UshopWell.com\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/security-800x534-1.jpeg\",\"datePublished\":\"2024-09-20T20:53:25+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/#primaryimage\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/security-800x534-1.jpeg\",\"contentUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/security-800x534-1.jpeg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Google calls for halting use of WHOIS for TLS domain verifications\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#website\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\",\"name\":\"UshopWell.com\",\"description\":\"The Premiere Online Marketplace\",\"publisher\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\",\"name\":\"UshopWell\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/pandaSwea.png\",\"contentUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/pandaSwea.png\",\"width\":365,\"height\":359,\"caption\":\"UshopWell\"},\"image\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/person\\\/6fd1f9e0ff932e534c86c70d5acff0fc\",\"name\":\"UShopWell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"caption\":\"UShopWell\"},\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/author\\\/kburnettu\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Google calls for halting use of WHOIS for TLS domain verifications - UshopWell.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/","og_locale":"en_US","og_type":"article","og_title":"Google calls for halting use of WHOIS for TLS domain verifications - UshopWell.com","og_description":"Enlarge (credit: Getty Images) Certificate authorities and browser makers are planning to end the use of WHOIS data verifying domain ownership following a report that demonstrated how threat actors could abuse the process to obtain fraudulently issued TLS certificates. TLS certificates are the cryptographic credentials that underpin HTTPS connections, a critical component of online communications verifying that a server belongs to a trusted entity and encrypts all traffic passing between...","og_url":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/","og_site_name":"UshopWell.com","article_published_time":"2024-09-20T20:53:25+00:00","og_image":[{"width":800,"height":534,"url":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/09\/security-800x534-1.jpeg","type":"image\/jpeg"}],"author":"UShopWell","twitter_card":"summary_large_image","twitter_misc":{"Written by":"UShopWell","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/#article","isPartOf":{"@id":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/"},"author":{"name":"UShopWell","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/person\/6fd1f9e0ff932e534c86c70d5acff0fc"},"headline":"Google calls for halting use of WHOIS for TLS domain verifications","datePublished":"2024-09-20T20:53:25+00:00","mainEntityOfPage":{"@id":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/"},"wordCount":219,"publisher":{"@id":"https:\/\/ushopwell.com\/ublog\/#organization"},"image":{"@id":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/#primaryimage"},"thumbnailUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/09\/security-800x534-1.jpeg","articleSection":["Technology"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/","url":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/","name":"Google calls for halting use of WHOIS for TLS domain verifications - UshopWell.com","isPartOf":{"@id":"https:\/\/ushopwell.com\/ublog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/#primaryimage"},"image":{"@id":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/#primaryimage"},"thumbnailUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/09\/security-800x534-1.jpeg","datePublished":"2024-09-20T20:53:25+00:00","breadcrumb":{"@id":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/#primaryimage","url":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/09\/security-800x534-1.jpeg","contentUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2024\/09\/security-800x534-1.jpeg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/ushopwell.com\/ublog\/google-calls-for-halting-use-of-whois-for-tls-domain-verifications\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/ushopwell.com\/ublog\/"},{"@type":"ListItem","position":2,"name":"Google calls for halting use of WHOIS for TLS domain verifications"}]},{"@type":"WebSite","@id":"https:\/\/ushopwell.com\/ublog\/#website","url":"https:\/\/ushopwell.com\/ublog\/","name":"UshopWell.com","description":"The Premiere Online Marketplace","publisher":{"@id":"https:\/\/ushopwell.com\/ublog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ushopwell.com\/ublog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/ushopwell.com\/ublog\/#organization","name":"UshopWell","url":"https:\/\/ushopwell.com\/ublog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/logo\/image\/","url":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2018\/01\/pandaSwea.png","contentUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2018\/01\/pandaSwea.png","width":365,"height":359,"caption":"UshopWell"},"image":{"@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/person\/6fd1f9e0ff932e534c86c70d5acff0fc","name":"UShopWell","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","caption":"UShopWell"},"url":"https:\/\/ushopwell.com\/ublog\/author\/kburnettu\/"}]}},"_links":{"self":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts\/64810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/comments?post=64810"}],"version-history":[{"count":0,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts\/64810\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/media\/64811"}],"wp:attachment":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/media?parent=64810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/categories?post=64810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/tags?post=64810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}