Hey Éric, Thanks for the review. To answer your two questions:
1. Assuming you are referring to the “type” field of the standard ACME identifier object the use of “ip” was thought to be a bit more verbose as to what the identifier contained vs. “address”. There could be some confusion with using address about what kind of address this was, especially since certain types of certificates (i.e. OV and EV) can contain physical mailing addresses etc. 2. Allowing only /32 or /128 was mainly just to allow reuse of the existing challenge types from RFC 8555. Adding randomized selection from larger ranges would be possible but would really require completely new challenge types as the modifications that would need to be made (and the specification of the randomized processes etc) would alter the existing challenges too much. There was also no user demand when we first started working on this for anything other than validating individual addresses. If we see demand in the future I think new challenge types would make for a nice short extension to the existing specification. Thanks, Roland > On Sep 30, 2019, at 2:09 PM, Éric Vyncke via Datatracker <[email protected]> > wrote: > > Éric Vyncke has entered the following ballot position for > draft-ietf-acme-ip-07: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-acme-ip/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Short and useful document: thank you for writing it. > > No need to reply to my two questions, but, I would appreciate your answers: > 1) why using a tag "ip" rather than "address" ? > 2) unsure whether it is doable, but, why only allowing /32 or /128 addresses? > A > server can listen to a /64 (for some specific applications), so, requesting a > /64 via ACME would be useful (challenge could be done via a random address out > of this /64 for example) > > Regards > > -éric > > _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
