[saag] shorthand for iPAddress subjectAltName?

Benjamin Kaduk <kaduk@mit.edu> Tue, 29 September 2020 23:00 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 07E7B3A1392 for <saag@ietfa.amsl.com>; Tue, 29 Sep 2020 16:00:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id OYqTnvnKUe2L for <saag@ietfa.amsl.com>; Tue, 29 Sep 2020 16:00:15 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED24F3A1395 for <saag@ietf.org>; Tue, 29 Sep 2020 16:00:14 -0700 (PDT)
Received: from kduck.mit.edu ([]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 08TN0BW3009485 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <saag@ietf.org>; Tue, 29 Sep 2020 19:00:13 -0400
Date: Tue, 29 Sep 2020 16:00:10 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: saag@ietf.org
Message-ID: <20200929230010.GC89563@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/1JJ6VMFeFTQYaO2SN9oDCFlm2Eo>
Subject: [saag] shorthand for iPAddress subjectAltName?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2020 23:00:16 -0000

Hi all,

RFC 6125 defines a number of "identifier type"s for X.509 certificate
naming fields, e.g., DNS-ID for dNSName, etc., but does not list one for
the iPAddress SAN.  Having such a term seems like it would be useful in
order to have a parallel expository structure when referring to (e.g.)
DNS-ID and <other-thing>.  I'm currently reviewing a document that proposes
NETWORK-ID (for "network address") but am planning to counter-propose
"IPADDR-ID".  Does anyone else have thoughts on what a good practice here
would be?