On Fri, 27 Nov 2020 23:43:42 -0500 Keith Moore <mo...@network-heretics.com> wrote:
> I'm aware of that. But what really is the point of a cert
> (especially one issued by a public CA) that has an RFC1918 address as
> its subject? Not that it matters that much because the vast majority
> of sites using embedded systems aren't going to bother with them.
> Most of those systems probably don't support cert installation by
> customers anyway.

You won't get such a certificate from a public CA (presumably meaning a CA issuing in the Web PKI). They're subject to the CA/B Baseline Requirements which explicitly forbid this (in 7.1.4.2.1):

    CAs SHALL NOT issue certificates with a subjectAltName extension or
    subject:commonName field containing a Reserved IP Address or
    Internal Name.

As I understand it, the purpose of the IETF is to develop and promote Internet standards. To the extent that people enjoy using some of these standards to do things that aren't part of the Network, they are welcome, but it doesn't make sense for the IETF to focus on these uses.

As an IETF draft, the die-die-die work addresses the Internet, and it seems to me that ekr's assessment is entirely correct in that context.

Nick.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls