On 06/07/2022 15:14, Valery Smyslov wrote:
Hi Peter,
On 7/6/22 12:41 AM, Valery Smyslov wrote:
Hi Martin,
The chairs think that the rough consensus is to limit the scope of the
draft to domain names
(with the pointer to the HTTP RFC as advice for protocols that support
IP addresses).
Is this the consensus of the chairs, or was there some discussion that I missed?
We discussed this with Leif going back to the history of RFC 6125.
The text explicitly limiting the scope of the document to domain names
first appeared in draft-saintandre-tls-server-id-check-05 back in 2010
and was kept in RFC 6125. At the time the 6125bis draft was adopted
there was no intention to widen the scope of RFC 6125.
I agree that there is no consensus to include changes, but I don't see any
input other than from Rich (and I guess now yourself).
Peter also participated in the discussion and from our point of view he
supported Rich's position.
We also waited a bit for others to chime in.
I'm actually not opposed to adding support for IP addresses - my only
concern was performing major surgery on the document, so I wanted to
think about what changes we would need to make. At the time that Jeff
and I worked on RFC 6125, we were not aware of widespread use of IP
addresses in PKIX certificates. If the deployment situation has changed
(as indicated by RFC 9110), then I am open to adding IP-IDs to 6125bis.
OK, sorry for misinterpreting your response.
Just to reiterate the chairs' position. We think that describing the handling
of non-domain based names (like IP-ID) is a good idea, but at the same time
we think that it would require quite a lot of changes to the current document,
Martin sketched that out here:
https://github.com/richsalz/draft-ietf-uta-rfc6125bis/pull/54/files
I don't think it's *too* bad.
that would slow down its progress.
What's the hurry? It's been 10+ years since we published RFC 6125, I
don't think a few more weeks will make a big difference.
Then, we'd like to hear from WG members:
whether the scope of rfc6125bis draft should be broadened
to include non-domain names, like IP addresses
(at the cost of delaying its publication) or this issue
should be addressed in a separate document.
Separate document for IP addresses. RFC6125 was based on a
comprehensive survey of what IETF protocols were doing in this space and
I have not seen much change there. Security moves relentlessly on and
so an up-to-date guide is worthwhile.
IP addresses do get used but probably not on the large Internet web
servers, rather in Enterprise. (I wondered if the Internet of Things
will go down that route).
Whatever, a different use case, a different environment, a different RFC
IMHO.
Tom Petch
Regards,
Valery.
Peter
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta