[Acme] Alexey Melnikov's Discuss on draft-ietf-acme-ip-07: (with DISCUSS)

Alexey Melnikov via Datatracker <noreply@ietf.org> Sun, 29 September 2019 15:38 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: acme@ietf.org
Delivered-To: acme@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4064C1200D6; Sun, 29 Sep 2019 08:38:00 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Alexey Melnikov via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-acme-ip@ietf.org, Daniel McCarney <cpu@letsencrypt.org>, acme-chairs@ietf.org, cpu@letsencrypt.org, acme@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.103.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Alexey Melnikov <aamelnikov@fastmail.fm>
Message-ID: <156977148025.21754.11632422153908365852.idtracker@ietfa.amsl.com>
Date: Sun, 29 Sep 2019 08:38:00 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/46Y3KryhTckY-E1-DJK4xmZebMc>
Subject: [Acme] Alexey Melnikov's Discuss on draft-ietf-acme-ip-07: (with DISCUSS)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Sep 2019 15:38:00 -0000

Alexey Melnikov has entered the following ballot position for
draft-ietf-acme-ip-07: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-acme-ip/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thank you for this document.

I have a trivial thing I would like to discuss before recommending approval of this document:

Section 3 of RFC 6066 says:
   "HostName" contains the fully qualified DNS hostname of the server,
   as understood by the client.  The hostname is represented as a byte
   string using ASCII encoding without a trailing dot.

However your example shows in Section 6:

   For the "tls-alpn-01" challenge the subjectAltName extension in the
   validation certificate MUST contain a single iPAddress that matches
   the address being validated.  As [RFC6066] does not permit IP
   addresses to be used in the SNI extension HostName field the server
   MUST instead use the IN-ADDR.ARPA [RFC1034] or IP6.ARPA [RFC3596]
   reverse mapping of the IP address as the HostName field value instead
   of the IP address string representation itself.  For example if the
   IP address being validated is 2001:db8::1 the SNI HostName field
   should contain "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d
   .0.1.0.0.2.ip6.arpa.".

I.e. there is a trailing dot after “arpa”. Is the example wrong or am I missing something?