Hey all,

First off, I'd like to apologize for requesting an agenda item then not making it to the meeting to discuss it. It seems that while I had the right time in my calendar, I managed to get the wrong day.

The point of the draft is to provide a method for validating the control of IP addresses in the same way that the ACME draft does for DNS names. This allows ACME-implementing CAs to be on an equal footing with existing implementations. The draft does three major things:

* Adds an IP identifier type
* Provides guidance on using http-01 and tls-sni-02 challenges for IP validation
* Adds a new challenge, reverse-dns-01, which conforms with CABF B/R Section 3.2.2.5.

The only major objection that was previously voiced revolved around the lack of a policy mechanism for allowing an IP/network owner to block issuance and that there should be some kind of default denial required. It is my opinion that this draft is the wrong place for CA policy to be dictated and the right place to fix this problem would be in a document implementing a lookup mechanism for CAA records for IP addresses (see draft-shoemaker-caa-ip).

Any major thoughts/objections? If there are no significant hurdles, I'd like to move towards getting this document finalized.

Thanks,
Roland
