On 07/19/2017 07:39 AM, Martin Thomson wrote:
> In this case, I disagree. With names, there is an expectation that
> certificates can be issued for them. This is not the default case for
> IP addresses
Why do you say that issuance is disallowed by default for most IP
addresses? The CA/Browser
On 19 July 2017 at 03:45, Jacob Hoffman-Andrews wrote:
> On 07/17/2017 10:48 PM, Martin Thomson wrote:
>> The biggest concern I have is the text regarding certificate lifetime
>> and the handling of the possibility that IP addresses are dynamically
>> allocated. This seems a little
On 07/17/2017 10:48 PM, Martin Thomson wrote:
> The biggest concern I have is the text regarding certificate lifetime
> and the handling of the possibility that IP addresses are dynamically
> allocated. This seems a little weak and it leaves a lot to the CA to
> manage. Is there anything that
> The biggest concern I have is the text regarding certificate lifetime and the
> handling of the possibility that IP addresses are dynamically allocated. This
> seems a little weak and it leaves a lot to the CA to manage. Is there
> anything
> that can be done to gain a stronger assertion that
The biggest concern I have is the text regarding certificate lifetime
and the handling of the possibility that IP addresses are dynamically
allocated. This seems a little weak and it leaves a lot to the CA to
manage. Is there anything that can be done to gain a stronger
assertion that the
This looks good! Nice work.
On 07/16/2017 04:29 PM, Roland Bracewell Shoemaker wrote:
> There was some previous discussion about possibly using a slightly
> simpler DNS based verification method on the list last time I posted
> this as an individual submission. After reading through the CABF BRs
On Sun, Jul 16, 2017 at 11:10:35PM -0700, Roland Bracewell Shoemaker wrote:
> On 07/16/2017 10:14 PM, Ilari Liusvaara wrote:
> > On Sun, Jul 16, 2017 at 04:29:20PM -0700, Roland Bracewell Shoemaker wrote:
>
> The most recent proposed language clarifies that any method which looks
> up a DNS name
On 07/16/2017 10:14 PM, Ilari Liusvaara wrote:
> On Sun, Jul 16, 2017 at 04:29:20PM -0700, Roland Bracewell Shoemaker wrote:
>> There was some previous discussion about possibly using a slightly
>> simpler DNS based verification method on the list last time I posted
>> this as an individual
On Sun, Jul 16, 2017 at 04:29:20PM -0700, Roland Bracewell Shoemaker wrote:
> There was some previous discussion about possibly using a slightly
> simpler DNS based verification method on the list last time I posted
> this as an individual submission. After reading through the CABF BRs for
> IP
There was some previous discussion about possibly using a slightly
simpler DNS based verification method on the list last time I posted
this as an individual submission. After reading through the CABF BRs for
IP validation I'm pretty sure the proposed solution (checking for a TXT
record in the
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Automated Certificate Management Environment
of the IETF.
Title : ACME IP Identifier Validation Extension
Author : Roland Bracewell Shoemaker
11 matches