On 02/18/2018 07:22 PM, Fraser Tweedale wrote:
Ultimately, the same problems exist for any kind of subject name and the only practical mitigation is short-lived certificates. With that in mind, given that Ian's proposal is scoped to only validatate IP Address altnames against data that are explicitly managed in FreeIPA, I don't object. I'm interested to hear other views.
Thanks for the positive feedback. Anyone else want to chime in? FYI, I've been working on the logic for validating the IP addresses in my not-copious-spare time, and I hope to have something worth discussing in the next week or so. -- ======================================================================== Ian Pilcher arequip...@gmail.com -------- "I grew up before Mark Zuckerberg invented friendship" -------- ======================================================================== _______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
