[cabfpub] [EXT] IP address validation proposal

Rick Andrews Rick_Andrews at symantec.com
Sat Mar 25 03:53:51 UTC 2017


Jeremy,

 

When you say "using at least one of the methods listed below" I think you
mean 3.2.2.5.*, but it wouldn't hurt to explicitly state the section numbers
describing the allowed methods.

"Note: IP Addresses are listed in Subscriber Certificates using iPAddress in
the subjectAltName extension or in Subordinate CA Certificates via iPAddress
field in the permittedSubtrees in the Name Constraints extension." They can
also appear in the excludedSubtrees extension. (3.2.2.4 could also be updated
to mention excludedSubtrees.)

 

"a Regional Internet Registry (RIPE, APNIC, ARIN, AfriNIC, LACNIC)". Is this
an exhaustive list? If not, we should add "etc" or some other indication
that it's not exhaustive.

"confirming the presence of a Request Token or Random Value contained in the
content of a file or webpage in the form of a meta tag of the following."
I've always had trouble parsing this - is a meta tag required? Depends on
whether you interpret it as:

- "...contained in the content of a file, or webpage in the form of a
  meta tag, of the following."

- "...contained in the content of a (file or webpage) in the form of
  a meta tag of the following."

I prefer the former interpretation, because I see no harm in just using a
file with no HTML in it. How do you interpret it?

 

3.2.2.5.6 The simplistic shell command example at the end is incomplete.

 

-Rick

 

 

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Jeremy Rowley via Public
Sent: Thursday, March 23, 2017 6:10 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Jeremy Rowley <jeremy.rowley at digicert.com>
Subject: [EXT] [cabfpub] IP address validation proposal

 

This is the proposed permitted procedures for IP Address validation and
removes the "any other method" section. Looking forward to your comments.

 

Jeremy
