Alexey Melnikov has entered the following ballot position for draft-ietf-acme-ip-07: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-acme-ip/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thank you for this document. I have a trivial thing I would like to discuss before recommending approval of this document: Section 3 of RFC 6066 says: "HostName" contains the fully qualified DNS hostname of the server, as understood by the client. The hostname is represented as a byte string using ASCII encoding without a trailing dot. However your example shows in Section 6: For the "tls-alpn-01" challenge the subjectAltName extension in the validation certificate MUST contain a single iPAddress that matches the address being validated. As [RFC6066] does not permit IP addresses to be used in the SNI extension HostName field the server MUST instead use the IN-ADDR.ARPA [RFC1034] or IP6.ARPA [RFC3596] reverse mapping of the IP address as the HostName field value instead of the IP address string representation itself. For example if the IP address being validated is 2001:db8::1 the SNI HostName field should contain "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d .0.1.0.0.2.ip6.arpa.". I.e. there is a trailing dot after “arpa”. Is the example wrong or am I missing something? _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
