mcr> I ommited your great explanation of the situation. *I* think that
mcr> certificates bound to IP addresses are useful for things like server
mcr> management systems (Dell DRACs, HP iLO, IBM RSA..). As such, there are
mcr> no cloud issues involved.
Ryan Sleevi <ryan-i...@sleevi.com> wrote:
> I’m a bit confused by understanding how this bit fits into the
> discussion.
> Is the concern that the draft-acme-ip would not work for these cases,
> and/or that the choice and use of TLS-ALPN (or another identifier)
> would preclude addressing these use cases?
I think your inclusion of TLS-ALPN (which would be new code, vs a few
extra scripts, I think) makes the solution more complex that it needs to be,
in order to address a use case which I've not been convinced is real.
> It seems that the applicability of the protocol satisfies all of these
> use cases, including internal CAs. Have I overlooked a concern with
> respect to SNI and ALPN?
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
