On 6/30/22 8:18 AM, Salz, Rich wrote:
A reference identity of type IP-ID matches if the address is
identical to an iPAddress value of the subjectAltName extension of
the certificate.
My concern about this is what I stated before. This document, and its
predecessor, clearly state that they are about domain names. In particular,
fully-qualified ones.
Adding IP address is likely to have rippling effects throughout the document. For example, much of the Applicability section would need to be revised, the simple summary of the rules and the detailed processing sections need an "escape hatch", and so on.
Yes, I was thinking about this after I last posted and it would indeed
require some revisions throughout the document. Perhaps those changes
would not be huge, but they might be widespread. And I always worry
about making widespread changes late in the process.
I believe this document could just point to the HTTP RFC as advise for
protocols that support IP addresses, as I have also said.
That might work.
We have not yet seen that there is WG consensus to accommodate Martin's point.
Can the chairs handle that? If there is consensus, then the wording needs to
be discussed and the WGLC should be re-started.
+1
Peter
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
