Hi Roland,

> On 1 Oct 2019, at 01:32, Roland Shoemaker <[email protected]> wrote:
>
> Thanks for the review. Good catch on the FQDN, this looks like it was just an
> error in the example. I’ll push up a revision addressing this.

Thank you. I will clear my DISCUSS.

>
>> On Sep 29, 2019, at 8:38 AM, Alexey Melnikov via Datatracker
>> <[email protected]> wrote:
>>
>> Alexey Melnikov has entered the following ballot position for
>> draft-ietf-acme-ip-07: Discuss
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-acme-ip/
>>
>>
>>
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>> Thank you for this document.
>>
>> I have a trivial thing I would like to discuss before recommending approval
>> of this document:
>>
>> Section 3 of RFC 6066 says:
>>    "HostName" contains the fully qualified DNS hostname of the server,
>>    as understood by the client. The hostname is represented as a byte
>>    string using ASCII encoding without a trailing dot.
>>
>> However your example shows in Section 6:
>>
>>    For the "tls-alpn-01" challenge the subjectAltName extension in the
>>    validation certificate MUST contain a single iPAddress that matches
>>    the address being validated. As [RFC6066] does not permit IP
>>    addresses to be used in the SNI extension HostName field the server
>>    MUST instead use the IN-ADDR.ARPA [RFC1034] or IP6.ARPA [RFC3596]
>>    reverse mapping of the IP address as the HostName field value instead
>>    of the IP address string representation itself. For example if the
>>    IP address being validated is 2001:db8::1 the SNI HostName field
>>    should contain "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d
>>    .0.1.0.0.2.ip6.arpa.".
>>
>> I.e. there is a trailing dot after “arpa”. Is the example wrong or am I
>> missing something?
>>
>>
>>
>>
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
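
The point settled in this thread, as an added example that is not part of the original messages or of the draft: building the reverse-mapping name used as the SNI HostName for an IP identifier without a trailing dot, and rejecting a received HostName that carries one. The function names are hypothetical, and the strict round-trip check is an assumption about how a validator might be written.

```python
import ipaddress

HEX = set("0123456789abcdef")

def sni_hostname_for_ip(addr: str) -> str:
    """Reverse-mapping name for the SNI HostName field, with no trailing dot."""
    # ipaddress.reverse_pointer yields the IN-ADDR.ARPA / IP6.ARPA name
    # without the root dot, which is the form RFC 6066 section 3 requires.
    return ipaddress.ip_address(addr).reverse_pointer

def ip_from_sni_hostname(host_name: str):
    """Map a received SNI HostName back to the IP address it names.

    Raises ValueError for anything that is not a well-formed reverse-mapping
    name, including the trailing-dot form discussed in the thread.
    """
    name = host_name.lower()
    if name.endswith("."):
        raise ValueError("SNI HostName must not end with a trailing dot")
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        ip = ipaddress.IPv4Address(".".join(reversed(labels)))
    elif name.endswith(".ip6.arpa"):
        labels = name[: -len(".ip6.arpa")].split(".")
        # IP6.ARPA names carry exactly 32 single-nibble labels.
        if len(labels) != 32 or any(l not in HEX for l in labels):
            raise ValueError("malformed ip6.arpa name")
        ip = ipaddress.IPv6Address(int("".join(reversed(labels)), 16))
    else:
        raise ValueError("not a reverse-mapping name")
    # Round trip: only accept the one canonical spelling of the name.
    if ip.reverse_pointer != name:
        raise ValueError("non-canonical reverse-mapping name")
    return ip

if __name__ == "__main__":
    # Constructed sample input: the address used in the draft's example.
    good = sni_hostname_for_ip("2001:db8::1")
    print(good, "->", ip_from_sni_hostname(good))
    try:
        ip_from_sni_hostname(good + ".")
    except ValueError as exc:
        print("rejected:", exc)
```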
