Re: [Acme] Discussion of draft-ietf-acme-ip

2017-12-20 Thread Jacob Hoffman-Andrews
On 12/20/2017 01:50 PM, Richard Barnes wrote:
> Do you mean draft-ietf-acme-ip?  It's already adopted; that's what the
> "draft-ietf" signifies.

Whoops, I missed that. Thanks!

___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme


Re: [Acme] Discussion of draft-ietf-acme-ip

2017-12-20 Thread Richard Barnes
On Wed, Dec 20, 2017 at 4:27 PM, Jacob Hoffman-Andrews wrote:

> On 11/16/2017 02:28 PM, Roland Bracewell Shoemaker wrote:
> > The point of the draft is to provide a method for validating the control
> > of IP addresses in the same way that the ACME draft does for DNS names.
> > This allows ACME implementing CAs to be on an equal footing with
> > existing implementations. The draft does three major things:
> >
> > * Adds an IP identifier type
> > * Provides guidance on using http-01 and tls-sni-02 challenges for IP
> > validation
> > * Adds a new challenge, reverse-dns-01, which conforms with CABF B/R
> > Section 3.2.2.5.
> >
> > The only major objection that was previously voiced revolved around the
> > lack of a policy mechanism for allowing an IP/network owner to block
> > issuance and that there should be some kind of default denial required.
> > It is my opinion that this draft is the wrong place for CA policy to be
> > dictated and the right place to fix this problem would be in a document
> > implementing a lookup mechanism for CAA records for IP addresses (see
> > draft-shoemaker-caa-ip).
> >
> > Any major thoughts/objections? If there are no significant hurdles I'd
> > like to move towards getting this document finalized.
>
> Any further thoughts about draft-shoemaker-caa-ip? I'd love to get it
> adopted as a WG document.
>

Do you mean draft-ietf-acme-ip?  It's already adopted; that's what the
"draft-ietf" signifies.

If you think all the open issues are resolved, then we should go to WGLC.
Personally, I have not reviewed it recently.

--Richard





Re: [Acme] Discussion of draft-ietf-acme-ip

2017-12-20 Thread Jacob Hoffman-Andrews
On 11/16/2017 02:28 PM, Roland Bracewell Shoemaker wrote:
> The point of the draft is to provide a method for validating the control
> of IP addresses in the same way that the ACME draft does for DNS names.
> This allows ACME implementing CAs to be on an equal footing with
> existing implementations. The draft does three major things:
>
> * Adds an IP identifier type
> * Provides guidance on using http-01 and tls-sni-02 challenges for IP
> validation
> * Adds a new challenge, reverse-dns-01, which conforms with CABF B/R
> Section 3.2.2.5.
> 
> The only major objection that was previously voiced revolved around the
> lack of a policy mechanism for allowing an IP/network owner to block
> issuance and that there should be some kind of default denial required.
> It is my opinion that this draft is the wrong place for CA policy to be
> dictated and the right place to fix this problem would be in a document
> implementing a lookup mechanism for CAA records for IP addresses (see
> draft-shoemaker-caa-ip).
> 
> Any major thoughts/objections? If there are no significant hurdles I'd
> like to move towards getting this document finalized.

Any further thoughts about draft-shoemaker-caa-ip? I'd love to get it
adopted as a WG document.
