[Acme] Alexey Melnikov's Discuss on draft-ietf-acme-ip-07: (with DISCUSS)
Alexey Melnikov via Datatracker <noreply@ietf.org> Sun, 29 September 2019 15:38 UTC
From: Alexey Melnikov via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-acme-ip@ietf.org, Daniel McCarney <cpu@letsencrypt.org>, acme-chairs@ietf.org, cpu@letsencrypt.org, acme@ietf.org
Reply-To: Alexey Melnikov <aamelnikov@fastmail.fm>
Message-ID: <156977148025.21754.11632422153908365852.idtracker@ietfa.amsl.com>
Date: Sun, 29 Sep 2019 08:38:00 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/46Y3KryhTckY-E1-DJK4xmZebMc>
Subject: [Acme] Alexey Melnikov's Discuss on draft-ietf-acme-ip-07: (with DISCUSS)

Alexey Melnikov has entered the following ballot position for
draft-ietf-acme-ip-07: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-acme-ip/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thank you for this document. I have a trivial thing I would like to discuss
before recommending approval of this document:

Section 3 of RFC 6066 says:

   "HostName" contains the fully qualified DNS hostname of the server,
   as understood by the client. The hostname is represented as a byte
   string using ASCII encoding without a trailing dot.

However your example shows in Section 6:

   For the "tls-alpn-01" challenge the subjectAltName extension in the
   validation certificate MUST contain a single iPAddress that matches
   the address being validated. As [RFC6066] does not permit IP
   addresses to be used in the SNI extension HostName field the server
   MUST instead use the IN-ADDR.ARPA [RFC1034] or IP6.ARPA [RFC3596]
   reverse mapping of the IP address as the HostName field value instead
   of the IP address string representation itself. For example if the IP
   address being validated is 2001:db8::1 the SNI HostName field should
   contain
   "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.".

I.e. there is a trailing dot after “arpa”. Is the example wrong or am I missing something?
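
The check this DISCUSS turns on, as an added Python example that is not part of the message or of the draft: it derives the IN-ADDR.ARPA / IP6.ARPA name for an address and tests a candidate SNI HostName against the RFC 6066 wording quoted above (ASCII, no trailing dot). The function names are hypothetical, and treating a trailing dot as a defect follows the quoted RFC 6066 text, not an answer given in this message.

```python
import ipaddress

# The HostName string from the draft example quoted in the message,
# built programmatically (a 1, 23 zero nibbles, then 8.b.d.0.1.0.0.2).
DRAFT_EXAMPLE = "1." + "0." * 23 + "8.b.d.0.1.0.0.2.ip6.arpa."


def reverse_name(ip: str) -> str:
    """Reverse-mapping name for ip, written without a trailing dot."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # 192.0.2.1 -> 1.2.0.192.in-addr.arpa (octets reversed)
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    # IPv6: expand to all 32 hex nibbles, then reverse nibble by nibble.
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def check_sni_hostname(hostname: str, ip: str) -> list:
    """List the problems with using hostname as the SNI HostName for ip."""
    problems = []
    if not hostname.isascii():
        problems.append("not ASCII")
    if hostname.endswith("."):
        problems.append("trailing dot")
    # Compare ignoring one trailing dot, so a name that is otherwise the
    # right reverse mapping is reported for the dot alone.
    name = hostname[:-1] if hostname.endswith(".") else hostname
    if name.lower() != reverse_name(ip):
        problems.append("does not match reverse mapping")
    return problems


if __name__ == "__main__":
    ip = "2001:db8::1"
    print(reverse_name(ip))
    print(check_sni_hostname(DRAFT_EXAMPLE, ip))
    print(check_sni_hostname(reverse_name(ip), ip))
```
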