On 03/27/2017 04:28 PM, Richard Barnes wrote:
> Thanks, Roland. Interesting draft.
>
> Couple of first reactions:
>
> - Why use the target of the PTR instead of just provisioning the TXT
> record directly in the reverse DNS. (Is there some restriction in the
> spec for reverse DNS that says it's only PTR?) It seems like by using
> the PTR target, your security analysis gets much more complicated.
>
The original reason for this was that I held the belief that there was an
RFC that set restrictions on the record types that should exist in the
reverse zones (i.e. only PTR/CNAME/NS/SOA). After looking through the
relevant documents for the last hour though, I can't actually find anything
that states this, and a number of example zones do seem to contain other
types, notably TXTs. Based on this I think it does make sense to remove the
use of the PTR target and just require the provisioning of a TXT record at
the reverse mapping node.

> - For the re-use of "http-01", you should probably specify the contents
> of the Host header. (Main ACME should probably clarify that for DNS, if
> it's not clear already.)
>

Good point.

> On Mon, Mar 27, 2017 at 4:38 PM, Roland Shoemaker
> <[email protected]> wrote:
>
>     Probably of interest to some people here, would love to hear your
>     thoughts.
>
>     -------- Forwarded Message --------
>     Subject: New Version Notification for draft-shoemaker-acme-ip-00.txt
>     Date: Mon, 27 Mar 2017 13:30:19 -0700
>     From: [email protected]
>     To: Roland Bracewell Shoemaker <[email protected]>, Roland
>     Shoemaker <[email protected]>
>
>
>     A new version of I-D, draft-shoemaker-acme-ip-00.txt
>     has been successfully submitted by Roland Bracewell Shoemaker and posted
>     to the
>     IETF repository.
>
>     Name:           draft-shoemaker-acme-ip
>     Revision:       00
>     Title:          ACME IP Identifier Validation Extension
>     Document date:  2017-03-27
>     Group:          Individual Submission
>     Pages:          6
>     URL:            https://www.ietf.org/internet-drafts/draft-shoemaker-acme-ip-00.txt
>     Status:         https://datatracker.ietf.org/doc/draft-shoemaker-acme-ip/
>     Htmlized:       https://tools.ietf.org/html/draft-shoemaker-acme-ip-00
>     Htmlized:       https://datatracker.ietf.org/doc/html/draft-shoemaker-acme-ip-00
>
>
>     Abstract:
>        This document specifies identifiers and challenges required to enable
>        the Automated Certificate Management Environment (ACME) to issue
>        certificates for IP addresses.
>
>
>
>
>     Please note that it may take a couple of minutes from the time of
>     submission
>     until the htmlized version and diff are available at tools.ietf.org.
>
>     The IETF Secretariat
>
>     _______________________________________________
>     Acme mailing list
>     [email protected]
>     https://www.ietf.org/mailman/listinfo/acme
>
>
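The validation the thread converges on (a TXT record provisioned directly at the reverse-mapping node of the IP identifier, with no PTR lookup in between, plus a defined Host header for a re-used http-01), as an added example that is not code from draft-shoemaker-acme-ip or from either poster. Three things are assumptions rather than anything the page states: the owner name is "_acme-challenge." prefixed to the reverse-mapping node, mirroring the base ACME dns-01 challenge for DNS names; the TXT value is base64url(SHA-256(keyAuthorization)) as in dns-01; and the Host header carries the IP literal, bracketed for IPv6 per RFC 7230 host syntax.

```python
# Added example, not from the draft or the mailing-list thread. It models
# the CA-side lookup for an IP identifier once the PTR target is dropped:
# the TXT record must sit at the reverse-mapping node itself, so a record
# at the PTR target (or anywhere else) does not validate.
# Assumptions, not stated on the page: the "_acme-challenge" label, the
# dns-01 digest construction, and the http-01 Host header form.
import base64
import hashlib
import ipaddress

CHALLENGE_LABEL = "_acme-challenge"  # assumption: mirrors dns-01 for DNS names


def reverse_mapping_node(ip: str) -> str:
    """in-addr.arpa / ip6.arpa owner name for an IPv4 or IPv6 literal."""
    return ipaddress.ip_address(ip).reverse_pointer


def challenge_record_name(ip: str) -> str:
    """Fully qualified owner name the CA queries for the TXT record."""
    return f"{CHALLENGE_LABEL}.{reverse_mapping_node(ip)}."


def expected_txt_value(key_authorization: str) -> str:
    """dns-01 style TXT rdata: unpadded base64url of SHA-256(keyAuthz)."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def validate_txt(ip: str, key_authorization: str, zone: dict) -> bool:
    """CA-side check against a zone modelled as {owner name: [TXT strings]}.

    Only the reverse-mapping node is consulted; no PTR record is followed,
    so the security analysis does not depend on where the PTR points.
    """
    rdata = zone.get(challenge_record_name(ip), [])
    return expected_txt_value(key_authorization) in rdata


def http01_host_header(ip: str) -> str:
    """Host header for http-01 against an IP identifier (assumption:
    the IP literal, with IPv6 in brackets as RFC 7230 requires)."""
    addr = ipaddress.ip_address(ip)
    return f"[{addr.compressed}]" if addr.version == 6 else str(addr)


if __name__ == "__main__":
    # Constructed sample data: a documentation-range address, a made-up
    # token.thumbprint key authorization, and an in-memory reverse zone.
    key_authz = "sample-token.sample-account-key-thumbprint"
    ip = "192.0.2.1"
    zone = {
        challenge_record_name(ip): [expected_txt_value(key_authz)],
        # A record at the PTR target, which the revised design ignores.
        "_acme-challenge.host.example.": [expected_txt_value(key_authz)],
    }
    print(challenge_record_name(ip))          # _acme-challenge.1.2.0.192.in-addr.arpa.
    print(validate_txt(ip, key_authz, zone))  # True
    print(validate_txt("192.0.2.2", key_authz, zone))  # False: no record at its node
    print(http01_host_header("2001:db8::1"))  # [2001:db8::1]
```

The IPv6 owner name is 32 nibble labels under ip6.arpa, so for a /64 delegation the zone operator only controls the lower 16 labels; provisioning at the exact node is still what the CA checks, and nothing at a shorter name or at the PTR target satisfies it.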
