On 12 Mar 2018, at 16:41, Jim Reid wrote:
On 12 Mar 2018, at 23:27, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
For which other protocols did you want certificates with IP addresses
as identifiers?
I think these may be needed for SIP, particularly roving (nameless)
clients. And quite possibly for P2P applications.
How could you use ACME to validate the IP address of a roving client or
a P2P application that has no fixed IP address?
Having said that:
On 12 Mar 2018, at 16:43, Paul Vixie wrote:
we need to use TLS to secure both dns-over-https and some forms of
TCP/53 in which the server's address is known but not its name.
This seems like a reasonable use case.
If your list is longer than zero, are you willing to help Roland with
a solution using DNS records for validation that has any chance of
being usable?
Yes, I’d be willing to work with Roland on at least finding and
documenting likely use cases. Are you? Whether we (or others) can then
come up with something that has any chance of being usable is another
matter.
Exactly. Given the difficulty of getting stable in-addr.arpa and
ipv6.arpa records at all, being able to write a TXT record into them
seems completely unstable. Thus, "temporarily put up a web server where
you were going to put up the DNS (or other) server" seems the most
likely to work reliably. If you have other ideas, that's great.
--Paul Hoffman