There are cases where a cert covering both a dns name and its matching ip addresses has value. With SIP, for instance, it is common that urls have ip rather than dns. Remote validation therefore requires those address(es) in the certs.
Even though web sites are the primary target, enabling other tls usages is desirable. Especially when it is reasonably easy.

(And I'll note that many SIP servers speak http, too. Both for things like webrtc, but also for control/monitoring and the like. They may also create custom per-call web pages for sip phones to display when ringing. All of which benefit from -- or even require -- https. So using acme to get certs for them is reasonable and can use the same auth methods acme uses for web servers.)

Will acme support CSRs with not just dns names in subjectAltNames, but also ip addresses?

Verifying that the dns name(s) resolve to the ip address(es) is reasonable in such cases.

-JimC
--
James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
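The check proposed in the message above (each IP address requested in a CSR must be one that a requested DNS name resolves to), sketched as an added example that is not part of the original message and not ACME's own validation logic. The function names, the sample zone and the injectable `resolve` parameter are assumptions made for illustration.

```python
import ipaddress
import socket


def system_resolve(name):
    """Resolve a DNS name to its A/AAAA addresses with the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()  # an unresolvable name covers no address
    return {ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos}


def check_ip_sans(dns_names, ip_sans, resolve=system_resolve):
    """Return (covered, uncovered) for the IP SANs requested in a CSR.

    covered maps each IP SAN to the sorted DNS SANs that resolve to it;
    uncovered lists IP SANs that no requested DNS name resolves to.
    """
    resolved = {name: {ipaddress.ip_address(a) for a in resolve(name)}
                for name in dns_names}
    covered, uncovered = {}, []
    for raw in ip_sans:
        ip = ipaddress.ip_address(raw)  # normalises IPv6 spelling, raises on junk
        names = sorted(n for n, addrs in resolved.items() if ip in addrs)
        if names:
            covered[str(ip)] = names
        else:
            uncovered.append(str(ip))
    return covered, uncovered


# Constructed sample data: documentation address ranges, hypothetical names.
SAMPLE_ZONE = {
    "sip.example.com": ["192.0.2.10", "2001:db8::10"],
    "www.example.com": ["192.0.2.20"],
}


def sample_resolve(name):
    """Offline stand-in for DNS, backed by SAMPLE_ZONE."""
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    ok, bad = check_ip_sans(
        ["sip.example.com"],
        ["192.0.2.10", "2001:DB8:0:0:0:0:0:10", "192.0.2.20"],
        resolve=sample_resolve,
    )
    print("covered:", ok)
    print("uncovered:", bad)
```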
