Re: [Acme] I-D Action: draft-ietf-acme-ip-00.txt

2017-07-19 Thread Jacob Hoffman-Andrews
On 07/19/2017 07:39 AM, Martin Thomson wrote: > In this case, I disagree. With names, there is an expectation that > certificates can be issued for them. This is not the default case for > IP addresses Why do you say that issuance is disallowed by default for most IP addresses? The CA/Browser

Re: [Acme] I-D Action: draft-ietf-acme-ip-00.txt

2017-07-19 Thread Martin Thomson
On 19 July 2017 at 03:45, Jacob Hoffman-Andrews wrote: > On 07/17/2017 10:48 PM, Martin Thomson wrote: >> The biggest concern I have is the text regarding certificate lifetime >> and the handling of the possibility that IP addresses are dynamically >> allocated. This seems a little

Re: [Acme] I-D Action: draft-ietf-acme-ip-00.txt

2017-07-18 Thread Jacob Hoffman-Andrews
On 07/17/2017 10:48 PM, Martin Thomson wrote: > The biggest concern I have is the text regarding certificate lifetime > and the handling of the possibility that IP addresses are dynamically > allocated. This seems a little weak and it leaves a lot to the CA to > manage. Is there anything that

Re: [Acme] I-D Action: draft-ietf-acme-ip-00.txt

2017-07-18 Thread Salz, Rich
> The biggest concern I have is the text regarding certificate lifetime and the > handling of the possibility that IP addresses are dynamically allocated. This > seems a little weak and it leaves a lot to the CA to manage. Is there > anything > that can be done to gain a stronger assertion that

Re: [Acme] I-D Action: draft-ietf-acme-ip-00.txt

2017-07-17 Thread Martin Thomson
The biggest concern I have is the text regarding certificate lifetime and the handling of the possibility that IP addresses are dynamically allocated. This seems a little weak and it leaves a lot to the CA to manage. Is there anything that can be done to gain a stronger assertion that the

Re: [Acme] I-D Action: draft-ietf-acme-ip-00.txt

2017-07-17 Thread Jacob Hoffman-Andrews
This looks good! Nice work. On 07/16/2017 04:29 PM, Roland Bracewell Shoemaker wrote: > There was some previous discussion about possibly using a slightly > simpler DNS based verification method on the list last time I posted > this as an individual submission. After reading through the CABF BRs

Re: [Acme] I-D Action: draft-ietf-acme-ip-00.txt

2017-07-17 Thread Ilari Liusvaara
On Sun, Jul 16, 2017 at 11:10:35PM -0700, Roland Bracewell Shoemaker wrote: > On 07/16/2017 10:14 PM, Ilari Liusvaara wrote: > > On Sun, Jul 16, 2017 at 04:29:20PM -0700, Roland Bracewell Shoemaker wrote: > > The most recent proposed language clarifies that any method which looks > up a DNS name

Re: [Acme] I-D Action: draft-ietf-acme-ip-00.txt

2017-07-17 Thread Roland Bracewell Shoemaker
On 07/16/2017 10:14 PM, Ilari Liusvaara wrote: > On Sun, Jul 16, 2017 at 04:29:20PM -0700, Roland Bracewell Shoemaker wrote: >> There was some previous discussion about possibly using a slightly >> simpler DNS based verification method on the list last time I posted >> this as an individual

Re: [Acme] I-D Action: draft-ietf-acme-ip-00.txt

2017-07-16 Thread Ilari Liusvaara
On Sun, Jul 16, 2017 at 04:29:20PM -0700, Roland Bracewell Shoemaker wrote: > There was some previous discussion about possibly using a slightly > simpler DNS based verification method on the list last time I posted > this as an individual submission. After reading through the CABF BRs for > IP

Re: [Acme] I-D Action: draft-ietf-acme-ip-00.txt

2017-07-16 Thread Roland Bracewell Shoemaker
There was some previous discussion about possibly using a slightly simpler DNS based verification method on the list last time I posted this as an individual submission. After reading through the CABF BRs for IP validation I'm pretty sure the proposed solution (checking for a TXT record in the

[Acme] I-D Action: draft-ietf-acme-ip-00.txt

2017-07-16 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Automated Certificate Management Environment of the IETF.
Title : ACME IP Identifier Validation Extension
Author : Roland Bracewell Shoemaker