On Mon, Aug 28, 2017 at 2:56 PM, Ryan Sleevi via Public <[email protected] > wrote:
> As such, if you desire an IP-address bearing certificate, there is no > means you can use to limit the CAs who can issue or (by virtue of the > CA-specific extensions) any policies that the issuing CAs use to verify or > authenticate the request. > > Does this conclusion feel correct for others? > This is also my understanding of the relevant documents. There was some recent discussion on the IETF ACME mailing list around issuance for IP addresses that brought up this point - There is no CAA equivalent for IP addresses, but it might be useful to develop one.
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
