Re: [Acme] I-D Action: draft-ietf-acme-ip-03.txt

2018-07-25 Thread Roland Shoemaker
Works for me, I’ll push a version with this change this afternoon.

Corey: thanks for catching this! I went looking for a reference on whether this 
was allowed but apparently completely glazed over the relevant line in 6066.

> On Jul 25, 2018, at 10:59 AM, Salz, Rich wrote:
> 
> Use ip-addr.arpa names?
> 
> 
> ___
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme



Re: [Acme] I-D Action: draft-ietf-acme-ip-03.txt

2018-07-25 Thread Richard Barnes
You beat me to it.

On Wed, Jul 25, 2018 at 1:59 PM Salz, Rich wrote:

> Use ip-addr.arpa names?
>
>


Re: [Acme] I-D Action: draft-ietf-acme-ip-03.txt

2018-07-25 Thread Salz, Rich
Use ip-addr.arpa names?
 



Re: [Acme] I-D Action: draft-ietf-acme-ip-03.txt

2018-07-25 Thread Corey Bonnell
I see that this draft has been updated to specify how tls-alpn-01 can be used 
to validate IP addresses in section 4. However, IP addresses are not permitted 
in SNI, as RFC 6066 section 3 (https://tools.ietf.org/html/rfc6066#section-3)  
states that "Literal IPv4 and IPv6 addresses are not permitted in "HostName"."

Given that the tls-alpn-01 challenge mandates that servers support the 
acme-tls/1 ALPN, perhaps it is safe to merely state that the SNI extension MUST 
NOT be included in the TLS handshake at all for IP address validation using 
tls-alpn-01. The lack of the SNI extension in the TLS handshake would serve as 
an indicator to the server that IP address validation is being attempted by the 
TLS client (as opposed to hostname/domain validation, which will include SNI 
extension in the ClientHello).

Thanks,
Corey Bonnell
Senior Software Engineer 

Trustwave | SMART SECURITY ON DEMAND
https://www.trustwave.com
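
The two SNI options raised in this thread (omit the extension, or send a reverse-mapping .arpa name), sketched as an added Python example that is not part of any message or of the draft. The function names are made up for illustration, and treating a missing SNI as an IP validation follows the proposal in the message above.

```python
import ipaddress

ACME_ALPN = "acme-tls/1"
HEX = set("0123456789abcdef")

def sni_for_identifier(id_type, value):
    """Validator side: the HostName to put in SNI for an ACME identifier."""
    if id_type == "ip":
        # Reverse-mapping name, e.g. 192.0.2.1 -> 1.2.0.192.in-addr.arpa
        return ipaddress.ip_address(value).reverse_pointer
    if id_type == "dns":
        try:
            ipaddress.ip_address(value)
        except ValueError:
            return value.rstrip(".").lower()
        # RFC 6066 section 3: literal addresses are not permitted in HostName
        raise ValueError("IP literal is not a valid SNI HostName")
    raise ValueError("unknown identifier type: %r" % id_type)

def ip_from_arpa_name(name):
    """Server side: recover the address from a reverse-mapping SNI name.
    Returns None for an ordinary hostname; raises ValueError if malformed."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        if len(labels) != 6:
            raise ValueError("in-addr.arpa name must carry 4 octets")
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32 or not all(n in HEX for n in nibbles):
            raise ValueError("ip6.arpa name must carry 32 hex nibbles")
        return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    return None

def classify_client_hello(sni, alpn_protocols):
    """Decide what a tls-alpn-01 responder is being asked to prove.
    sni is None when the ClientHello carries no SNI extension."""
    if ACME_ALPN not in alpn_protocols:
        return None                      # not a validation handshake
    if sni is None:
        return ("ip", None)              # no-SNI proposal: handshake names no address
    addr = ip_from_arpa_name(sni)
    return ("ip", addr) if addr is not None else ("dns", sni.lower())
```

With the no-SNI option the responder learns only that an IP validation is under way, while the .arpa option also tells it which address is being validated.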



[Acme] I-D Action: draft-ietf-acme-ip-03.txt

2018-07-25 Thread internet-drafts


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Automated Certificate Management Environment 
WG of the IETF.

Title   : ACME IP Identifier Validation Extension
Author  : Roland Bracewell Shoemaker
Filename: draft-ietf-acme-ip-03.txt
Pages   : 5
Date    : 2018-07-25

Abstract:
   This document specifies identifiers and challenges required to enable
   the Automated Certificate Management Environment (ACME) to issue
   certificates for IP addresses.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-ip/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-acme-ip-03
https://datatracker.ietf.org/doc/html/draft-ietf-acme-ip-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-ip-03


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
