[Acme] Discussion of draft-ietf-acme-ip
Roland Bracewell Shoemaker <roland@letsencrypt.org> Thu, 16 November 2017 22:28 UTC
To: "acme@ietf.org" <acme@ietf.org>
From: Roland Bracewell Shoemaker <roland@letsencrypt.org>
Message-ID: <ff57fed6-c989-57ec-e7be-2e8eb8240fad@letsencrypt.org>
Date: Thu, 16 Nov 2017 14:28:25 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/ym8fiULxM6oP-RPv0A4deMtN6ww>
Subject: [Acme] Discussion of draft-ietf-acme-ip
List-Id: Automated Certificate Management Environment <acme.ietf.org>
Hey all,

First off, I'd like to apologize for requesting an agenda item then not making it to the meeting to discuss it. It seems that while I had the right time in my calendar I managed to get the wrong day.

The point of the draft is to provide a method for validating the control of IP addresses in the same way that the ACME draft does for DNS names. This allows ACME-implementing CAs to be on an equal footing with existing implementations. The draft does three major things:

* Adds an IP identifier type
* Provides guidance on using http-01 and tls-sni-02 challenges for IP validation
* Adds a new challenge, reverse-dns-01, which conforms with CABF B/R Section 3.2.2.5.

The only major objection that was previously voiced revolved around the lack of a policy mechanism for allowing an IP/network owner to block issuance and that there should be some kind of default denial required. It is my opinion that this draft is the wrong place for CA policy to be dictated and the right place to fix this problem would be in a document implementing a lookup mechanism for CAA records for IP addresses (see draft-shoemaker-caa-ip).

Any major thoughts/objections? If there are no significant hurdles I'd like to move towards getting this document finalized.

Thanks,
Roland
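The three items Roland lists, worked through as an added example (editor's illustration, not code from draft-ietf-acme-ip, Let's Encrypt or any CA): an IP identifier as it appears in an ACME order, the http-01 pieces a CA checks when the identifier is an IP literal rather than a DNS name, and the forward-confirmed reverse lookup that a reverse-dns-01 style challenge would have to start from. Assumptions: the identifier type string "ip" and the canonical textual value follow the draft's identifier definition; the http-01 URL form is the core ACME one with the IP substituted for the host (the draft's own Host/SNI handling is not modelled); the reverse-dns-01 message flow itself is not specified here, only the reverse-then-forward DNS check is, and all DNS data is constructed inline so nothing touches the network.

```python
"""Added illustration for draft-ietf-acme-ip: IP identifiers, http-01 for an
IP literal, and a forward-confirmed reverse-DNS precondition. The "ip" type
string and URL form are assumptions about the draft; DNS data is constructed."""
import base64
import hashlib
import ipaddress
import json


def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout ACME/JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def ip_identifier(addr: str) -> dict:
    """Order identifier for an IP address (type string "ip" assumed from the draft).
    The value is the canonical textual form, so "2001:DB8::0001" and
    "2001:db8::1" do not become two different identifiers. Hostnames, CIDR
    ranges and garbage raise ValueError instead of being treated as names."""
    ip = ipaddress.ip_address(addr)
    return {"type": "ip", "value": ip.compressed}


def http01_url(addr: str, token: str) -> str:
    """URL a CA fetches for http-01 when the identifier is an IP literal.
    IPv6 literals must be bracketed in URLs (RFC 3986); nothing is resolved."""
    ip = ipaddress.ip_address(addr)
    host = f"[{ip.compressed}]" if ip.version == 6 else ip.compressed
    return f"http://{host}/.well-known/acme-challenge/{token}"


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only, keys
    sorted, no whitespace. Optional members such as "use" are ignored."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """token || '.' || base64url(thumbprint(account key)), per core ACME."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def verify_http01_body(token: str, account_jwk: dict, body: bytes) -> bool:
    """The comparison a CA makes after fetching http01_url(): the body must be
    exactly the key authorization (trailing whitespace tolerated)."""
    try:
        served = body.decode("ascii").rstrip()
    except UnicodeDecodeError:
        return False
    return served == key_authorization(token, account_jwk)


def forward_confirmed_ptr(addr: str, ptr_records: dict, forward_records: dict):
    """Reverse lookup a reverse-dns-01 style challenge would start from.
    Returns the PTR name only if that name's A/AAAA records include the
    original address: an unconfirmed PTR proves nothing, because whoever runs
    the reverse zone can point it at a name they do not control.
    The dicts stand in for DNS (constructed data, no network)."""
    ip = ipaddress.ip_address(addr)
    name = ptr_records.get(ip.reverse_pointer)   # e.g. "10.2.0.192.in-addr.arpa"
    if name is None:
        return None
    forward = {ipaddress.ip_address(a) for a in forward_records.get(name, ())}
    return name if ip in forward else None


if __name__ == "__main__":
    # Constructed sample account key (any valid JWK works; values are arbitrary).
    acct = {"kty": "EC", "crv": "P-256",
            "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
            "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}
    token = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
    for addr in ("192.0.2.10", "2001:DB8::0001"):
        print(ip_identifier(addr), http01_url(addr, token))
    print("key authorization:", key_authorization(token, acct))
    # Constructed reverse and forward zones: one honest PTR, one that lies.
    ptr = {"10.2.0.192.in-addr.arpa": "host.example.net",
           "11.2.0.192.in-addr.arpa": "victim.example.org"}
    fwd = {"host.example.net": ["192.0.2.10", "2001:db8::1"],
           "victim.example.org": ["198.51.100.7"]}
    print(forward_confirmed_ptr("192.0.2.10", ptr, fwd))   # host.example.net
    print(forward_confirmed_ptr("192.0.2.11", ptr, fwd))   # None: PTR not confirmed
```

The canonicalisation in ip_identifier is the part worth copying: a CA that keys authorizations on the raw string a client sent would treat differently spelled forms of the same IPv6 address as separate identifiers, and could be talked into authorizing one spelling and issuing for another. The forward-confirmation step is the same hygiene the CABF reverse-lookup method implies; without it the PTR owner, not the address owner, decides which name gets validated.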
- [Acme] Discussion of draft-ietf-acme-ip Roland Bracewell Shoemaker
- Re: [Acme] Discussion of draft-ietf-acme-ip Jacob Hoffman-Andrews
- Re: [Acme] Discussion of draft-ietf-acme-ip Richard Barnes
- Re: [Acme] Discussion of draft-ietf-acme-ip Jacob Hoffman-Andrews