A Note on WHOIS, GDPR and Domain Validation
You may have read in the news about how registry and registrar compliance with GDPR—the European Union’s new regulation on data protection that goes into effect on May 25—could impact WHOIS availability and the speed in which certificate authorities (CAs) handle domain control validation. DigiCert has been working with ICANN to keep WHOIS information available, and the organization has announced that it will continue to require registries and registrars to submit information to WHOIS, with a few changes to address GDPR.
For existing domains that you have already validated with us, there will be no impact. If you are adding new domains or haven’t completed domain validation with us yet, we advise you to plan ahead.
ICANN’s new process allows registries and registrars to submit data to WHOIS either via a web form or an anonymized email address. For the most efficient validation process, we encourage you to let your registry and registrar know that you want them to use an anonymized email address for your domains. Doing so will ensure minimal to no impact on our validation processes.
If you rely on WHOIS and still have concerns, other options are available. All DigiCert partners and customers already have access to the following alternative methods:
- Domain validation emails using any one of the following five constructed emails: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org.
- DNS-based validation where a token or random value is added to the TXT or CNAME record. For CNAME records, this may include a prefix to avoid changing how the domain name operates. More information is available here: https://www.digicert.com/ssl-support/validation/not-receiving-dcv-emails.htm.
- Authentication by adding a file containing a token or random value to a file at domain/.well-known/pki-validation. Confirming the random value/token is completely automated.
The CAB Forum Validation Working Group, which DigiCert chairs, is also exploring additional validation methods that may be added in the near future.
Additionally, please know that DigiCert has a team working with ICANN and other members of the internet community to propose additional solutions to improve WHOIS. In the meantime, we are committed to working with you to minimize any impacts this may have on your certificate operations.
If you have questions, please contact our support team or your sales account representative.