Re: [DNSOP] Question about usage of ip6.arpa and in-addr.arpa

Jim Reid <jim@rfc1035.com> Mon, 12 March 2018 23:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/oDQEa44J-EnIXHEvkVDc12qwk2M>


> On 12 Mar 2018, at 17:37, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> 
> If the use case here is to be able to issue certificates for TLS servers based on the IP address instead of the domain name, creating something new in the DNS may be overkill. That is, why even have Section 4.1 of draft-ietf-acme-ip at all? What's wrong with only having direct HTTPS access?

Is web the only protocol that runs on the Internet now? I realise that might seem to be the case these days, but even so... :-)