[cabf_validation] IP Address Validation Ballot
Tim Hollebeek
THollebeek at trustwave.com
Thu Feb 9 09:23:54 MST 2017
Not really.
(1) Adding TXT to the IP address reverse lookup record works even if there is no PTR record specifying a DNS name
(2) It's less work to just validate the IP address record directly instead of having to reverse lookup then validate the name record, and the added complexity adds no value.
From: Jeremy Rowley [mailto:jeremy.rowley at digicert.com]
Sent: Thursday, February 09, 2017 11:21 AM
To: Tim Hollebeek; CA/Browser Forum Validation WG List
Subject: RE: IP Address Validation Ballot
Right - but isn't that already covered under the reverse lookup section?
From: Tim Hollebeek [mailto:THollebeek at trustwave.com]
Sent: Thursday, February 9, 2017 9:18 AM
To: CA/Browser Forum Validation WG List <validation at cabforum.org<mailto:validation at cabforum.org>>
Cc: Jeremy Rowley <jeremy.rowley at digicert.com<mailto:jeremy.rowley at digicert.com>>
Subject: RE: IP Address Validation Ballot
Since we've already moved on on the call, I'll mention this by email.
Contrary to the suggestion that there is no DNS record for an IP, you *could* actually do DNS-based validation for IP addresses, by adding/modifying a TXT record on the reverse lookup DNS entry for the IP. If you can do that, you obviously can also validate via 3.2.2.5.2, so we might as well allow it.
-Tim
From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Jeremy Rowley via Validation
Sent: Thursday, February 09, 2017 10:52 AM
To: CA/Browser Forum Validation WG List
Cc: Jeremy Rowley
Subject: [cabf_validation] IP Address Validation Ballot
________________________________
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
________________________________
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20170209/538b270c/attachment-0001.html>
More information about the Validation
mailing list