[cabfpub] Ballot 202 - Underscore and Wildcard Characters
Erwann.Abalea at docusign.com
Wed Jul 26 01:54:08 MST 2017
Le 25 juil. 2017 à 21:25, Geoff Keating <geoffk at apple.com<mailto:geoffk at apple.com>> a écrit :
On 25 Jul 2017, at 12:01 pm, Peter Bowen via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:
F. In Section 1.6.1 of the Baseline Requirements, REPLACE the definition for "Reserved IP Address" with the following: An IPv4 or IPv6 address that the IANA has "False" for Globally Reachable in either of the IANA Special-Purpose IP Address Registries:
and the first of those links has 192.168.0.0/16 marked as ‘false’ for globally reachable. Now, it’s true that 220.127.116.11/32 is marked ‘true’ for globally reachable, but I don’t think that anyone should be able to authenticate themselves as controlling that address, so no CA would issue a certificate containing that address.
That’s a brave assumption. RFC6890 describes the 192.0.0.0/24 block as « Not usable unless by virtue of a more specific reservation » (Section 2.2.2, Table 7). Precisely what RFC7723 and RFC8155 do.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public