Ars Technica

Google calls for halting use of WHOIS for TLS domain verifications

Certificate authorities and browser makers are planning to end the use of WHOIS data verifying domain ownership following a report that demonstrated how threat actors could abuse the process to obtain ...
Ars Technica

Rogue WHOIS server gives researcher superpowers no one should ever have

It’s not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and the position to execute code of his choice on thousands of ...
CSOonline

TLS security subverted due to CA use of outdated WHOIS servers

Registering the domain of .mobi’s former WHOIS server for $20, researchers discovered that Certificate Authorities could be tricked into running domain validation through rogue email addresses, ...