Thanks for the review. Good catch on the FQDN, this looks like it was just an error in the example. I’ll push up a revision addressing this.
> On Sep 29, 2019, at 8:38 AM, Alexey Melnikov via Datatracker
> <[email protected]> wrote:
>
> Alexey Melnikov has entered the following ballot position for
> draft-ietf-acme-ip-07: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-acme-ip/
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Thank you for this document.
>
> I have a trivial thing I would like to discuss before recommending approval
> of this document:
>
> Section 3 of RFC 6066 says:
>    "HostName" contains the fully qualified DNS hostname of the server,
>    as understood by the client. The hostname is represented as a byte
>    string using ASCII encoding without a trailing dot.
>
> However your example shows in Section 6:
>
>    For the "tls-alpn-01" challenge the subjectAltName extension in the
>    validation certificate MUST contain a single iPAddress that matches
>    the address being validated. As [RFC6066] does not permit IP
>    addresses to be used in the SNI extension HostName field the server
>    MUST instead use the IN-ADDR.ARPA [RFC1034] or IP6.ARPA [RFC3596]
>    reverse mapping of the IP address as the HostName field value instead
>    of the IP address string representation itself. For example if the
>    IP address being validated is 2001:db8::1 the SNI HostName field
>    should contain "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d
>    .0.1.0.0.2.ip6.arpa.".
>
> I.e. there is a trailing dot after “arpa”. Is the example wrong or am I
> missing something?
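The point raised in this thread, as an added example that is not part of the original messages or of the draft: building the reverse-mapping SNI HostName for an IP identifier without a trailing dot, and strictly parsing it back for comparison with the iPAddress octets in the validation certificate. The function names are hypothetical and the addresses are constructed documentation-range values.

```python
import ipaddress

def sni_hostname_for_ip(addr):
    """SNI HostName for an IP identifier: reverse-mapping name, no trailing dot."""
    return ipaddress.ip_address(addr).reverse_pointer.rstrip(".")

def ip_from_sni_hostname(host_name):
    """Recover the IP address from a reverse-mapping SNI HostName, strictly."""
    if host_name.endswith("."):
        # RFC 6066 Section 3: HostName is encoded without a trailing dot.
        raise ValueError("trailing dot is not allowed in HostName")
    name = host_name.lower()  # DNS names compare case-insensitively
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError("IPv4 reverse name needs exactly 4 octet labels")
        ip = ipaddress.IPv4Address(".".join(reversed(labels)))
    elif name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(
            len(n) != 1 or n not in "0123456789abcdef" for n in nibbles
        ):
            raise ValueError("IPv6 reverse name needs exactly 32 hex nibbles")
        ip = ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    else:
        raise ValueError("not an IN-ADDR.ARPA or IP6.ARPA name")
    if ip.reverse_pointer != name:
        # Rejects non-canonical spellings such as zero-padded IPv4 labels.
        raise ValueError("non-canonical reverse-mapping name")
    return ip

def sni_matches_san(host_name, san_ip_octets):
    """True if the SNI HostName maps to the iPAddress SAN octets (4 or 16 bytes)."""
    try:
        return ip_from_sni_hostname(host_name).packed == san_ip_octets
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample: the address used in the draft's example.
    name = sni_hostname_for_ip("2001:db8::1")
    san = ipaddress.ip_address("2001:db8::1").packed
    print(name)
    print(sni_matches_san(name, san))        # name without trailing dot
    print(sni_matches_san(name + ".", san))  # same name with trailing dot
```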
