On 11/16/2017 02:28 PM, Roland Bracewell Shoemaker wrote:
> The point of the draft is to provide a method for validating the control
> of IP addresses in the same way that the ACME draft does for DNS names.
> This allows ACME implementing CAs to be on an equal footing with
> existing implementations. The draft does three major things
>
> * Adds an IP identifier type
> * Provides guidance on using http-01 and tls-sni-02 challenges for IP
>   validation
> * Adds a new challenge, reverse-dns-01, which conforms with CABF B/R
>   Section 3.2.2.5.
>
> The only major objection that was previously voiced revolved around the
> lack of a policy mechanism for allowing an IP/network owner to block
> issuance and that there should be some kind of default denial required.
> It is my opinion that this draft is the wrong place for CA policy to be
> dictated and the right place to fix this problem would be in a document
> implementing a lookup mechanism for CAA records for IP addresses (see
> draft-shoemaker-caa-ip).
>
> Any major thoughts/objections? If there are no significant hurdles I'd
> like to move towards getting this document finalized.

Any further thoughts about draft-shoemaker-caa-ip? I'd love to get it adopted as a WG document.