Also exposes the vulnerabilities in the automated process of issuing certificates. If all that it takes is an email address in the registrant's data (which is an email record that is updated or changed periodically through email), then it is not difficult for a benign or malignant security professional to obtain a certificate which would in turn open up a gateway to the registrant's domain. (I may be wrong) Sivasubramanian M Sent by a Verified [image: Sent by a Verified sender] <https://wallet.unumid.co/authenticate?referralCode=YQmHX1HBGdde> sender On Thu, Sep 12, 2024 at 10:25 AM Carlton Samuels via CPWG <cpwg@icann.org> wrote:

Well, it seems all his stars were aligned.....

https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher...

Carlton ============================== *Carlton A Samuels*

*Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround* ============================= _______________________________________________ CPWG mailing list -- cpwg@icann.org To unsubscribe send an email to cpwg-leave@icann.org

_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.