Thanks, Roland. Interesting draft. Couple of first reactions:
- Why use the target of the PTR instead of just provisioning the TXT record directly in the reverse DNS. (Is there some restriction in the spec for reverse DNS that says it's only PTR?) It seems like by using the PTR target, your security analysis gets much more complicated. - For the re-use of "http-01", you should probably specify the contents of the Host header. (Main ACME should probably clarify that for DNS, if it's not clear already.) On Mon, Mar 27, 2017 at 4:38 PM, Roland Shoemaker <[email protected]> wrote: > Probably of interesting to some people here, would love to hear your > thoughts. > > -------- Forwarded Message -------- > Subject: New Version Notification for draft-shoemaker-acme-ip-00.txt > Date: Mon, 27 Mar 2017 13:30:19 -0700 > From: [email protected] > To: Roland Bracewell Shoemaker <[email protected]>, Roland > Shoemaker <[email protected]> > > > A new version of I-D, draft-shoemaker-acme-ip-00.txt > has been successfully submitted by Roland Bracewell Shoemaker and posted > to the > IETF repository. > > Name: draft-shoemaker-acme-ip > Revision: 00 > Title: ACME IP Identifier Validation Extension > Document date: 2017-03-27 > Group: Individual Submission > Pages: 6 > URL: > https://www.ietf.org/internet-drafts/draft-shoemaker-acme-ip-00.txt > Status: https://datatracker.ietf.org/doc/draft-shoemaker-acme-ip/ > Htmlized: https://tools.ietf.org/html/draft-shoemaker-acme-ip-00 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-shoemaker-acme-ip-00 > > > Abstract: > This document specifies identifiers and challenges required to enable > the Automated Certificate Management Environment (ACME) to issue > certificates for IP addresses. > > > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
