I am having a bit of a hard time seeing the point of WebPKI IP certificates because most of the devices I deploy are on private networks and private addresses. If I have an address on the public network, it will almost certainly have at least one DNS name.
The only cases where I would be using an IP address in a cert are cases where I can't get DNS binding for some reason, for example the backhaul from my reverse proxy to the Web sites. And I really can't see myself having rDNS in those cases, let alone being able to respond to a DNS challenge. I am having real problems understanding what CAA would be doing either.

On Thu, Jan 16, 2025 at 2:54 PM Q Misell <q=40as207960....@dmarc.ietf.org> wrote:

> Moin,
>
> As I'm sure many of you have already noticed, Let's Encrypt have announced
> support for IP certs:
> https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/
>
> There are two comments in this blog post that interest me:
> 1) The dns-01 challenge type will not be available because the DNS is not
> involved in validating IP addresses.
> 2) There is no mechanism to check CAA records for IP addresses.
>
> On the first point, is there perhaps interest in the WG for doing dns-01
> for rDNS?
>
> On the second, is there interest in the WG for continuing work on CAA for
> IP addresses started in draft-chariton-ipcaa-00
> <https://datatracker.ietf.org/doc/draft-chariton-ipcaa/>?
>
> Q
>
> p.s. congrats to Let's Encrypt on getting this work done so far, keep up
> the good work!
> ------------------------------
>
> Any statements contained in this email are personal to the author and are
> not necessarily the statements of the company unless specifically stated.
> AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
> Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
> registered in Wales under № 12417574
> <https://find-and-update.company-information.service.gov.uk/company/12417574>,
> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
> <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867.
> EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
> 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
> maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
> Digital, is a company registered in Estonia under № 16755226. Estonian VAT
> №: EE102625532. Glauca Digital and the Glauca logo are registered
> trademarks in the UK, under № UK00003718474 and № UK00003718468,
> respectively.
> _______________________________________________
> Acme mailing list -- acme@ietf.org
> To unsubscribe send an email to acme-le...@ietf.org