It's important to note that automated validation of IP addresses for certificates is already a part of the Web PKI, but is not standardized. This protocol will standardize it, which I believe will make overall validation of IP addresses more secure, within the threat model that Roland described.

We could attempt to ban automated validation of IP address certificates, or ban IP address certificates entirely, but that wanders into the realm of policy rather than standards, and would be better suited to browser root programs IMO.

Overall, given the tradeoffs, I think it is better to have a standardized method of IP address validation than to have none.

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
