On 7/7/22 3:40 AM, tom petch wrote:
On 06/07/2022 15:14, Valery Smyslov wrote:
Hi Peter,
On 7/6/22 12:41 AM, Valery Smyslov wrote:
Hi Martin,
The chairs think that the rough consensus is to limit the scope of the
draft to domain names (with the pointer to the HTTP RFC as advice for
protocols that support IP addresses).
Is this the consensus of the chairs, or was there some discussion
that I missed?
We discussed this with Leif going back to the history of RFC 6125.
The text explicitly limiting the scope of the document to domain names
first appeared in draft-saintandre-tls-server-id-check-05 back in 2010
and was kept in RFC 6125. At the time the 6125bis draft was adopted
there was no intention to widen the scope of RFC 6125.
I agree that there is no consensus to include changes, but I don't
see any input other than from Rich (and I guess now yourself).
Peter also participated in the discussion and from our point of view
he supported Rich's position.
We also waited a bit for others to chime in.
I'm actually not opposed to adding support for IP addresses - my only
concern was performing major surgery on the document, so I wanted to
think about what changes we would need to make. At the time that Jeff
and I worked on RFC 6125, we were not aware of widespread use of IP
addresses in PKIX certificates. If the deployment situation has changed
(as indicated by RFC 9110), then I am open to adding IP-IDs to 6125bis.
OK, sorry for misinterpreting your response.
Just to reiterate the chairs' position. We think that describing the
handling of non-domain based names (like IP-ID) is a good idea, but at
the same time we think that it would require quite a lot of changes to
the current document,
Martin sketched that out here:
https://github.com/richsalz/draft-ietf-uta-rfc6125bis/pull/54/files
I don't think it's *too* bad.
that would slow down its progress.
What's the hurry? It's been 10+ years since we published RFC 6125, I
don't think a few more weeks will make a big difference.
Then, we'd like to hear from WG members:
whether the scope of rfc6125bis draft should be broadened
to include non-domain names, like IP addresses
(at the cost of delaying its publication) or this issue
should be addressed in a separate document.
Separate document for IP addresses. RFC6125 was based on a
comprehensive survey of what IETF protocols were doing in this space and
I have not seen much change there. Security moves relentlessly on and
so an up-to-date guide is worthwhile.
IP addresses do get used but probably not on the large Internet web
servers, rather in Enterprise. (I wondered if the Internet of Things
will go down that route).
Whatever, a different use case, a different environment, a different RFC
IMHO.
That seems like a valid approach. I'm not wedded to including this
content in 6125bis, although I'm open to doing so if that's the sense of
the WG. I'd also be happy to co-author the separate document for IP
addresses (it should be relatively short), with the understanding that
perhaps the two documents would be merged whenever the IETF works on
6125ter.
Peter