
<html>


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


</head>


<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">


<div class="">Bonjour,</div>


<br class="">


<div>


<blockquote type="cite" class="">


<div class="">Le 25 juil. 2017 à 21:25, Geoff Keating <<a href="mailto:geoffk@apple.com" class="">geoffk@apple.com</a>> a écrit :</div>


<br class="Apple-interchange-newline">


<div class="">


<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">


<br class="">


<div class="">


<blockquote type="cite" class="">


<div class="">On 25 Jul 2017, at 12:01 pm, Peter Bowen via Public <<a href="mailto:public@cabforum.org" class="">public@cabforum.org</a>> wrote:</div>


</blockquote>


</div>


</div>


</div>


</blockquote>


<div><br class="">


</div>


<div>[…]</div>


<br class="">


<blockquote type="cite" class="">


<div class="">


<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">


<div class="">


<div class="">


<blockquote type="cite" class="">


<div class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">


<div class="">


<blockquote type="cite" class="">


<div class="">


<div class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">


<div class="">


<div class="">


<blockquote type="cite" class="">


<div class="">


<div class="WordSection1" style="page: WordSection1; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; line-height: normal;">


<p class="line874" style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">


F. In Section 1.6.1 of the Baseline Requirements, REPLACE the definition for "Reserved IP Address" with the following: An IPv4 or IPv6 address that the IANA has "False" for Globally Reachable in either of the IANA Special-Purpose IP Address Registries: <o:p class=""></o:p></p>


<p class="line867" style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">


<a href="https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml" class="" style="color: rgb(149, 79, 114);">https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml</a> or <o:p class=""></o:p></p>


<p class="line867" style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif;">


<a href="https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml" class="" style="color: rgb(149, 79, 114);">https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml</a><o:p class=""></o:p></p>


</div>


</div>


</blockquote>


</div>


</div>


</div>


</div>


</blockquote>


</div>


</div>


</blockquote>


<br class="">


</div>


<div class="">and the first of those links has 192.168.0.0/16 marked as ‘false’ for globally reachable.  Now, it’s true that 192.0.0.9/32 is marked ‘true’ for globally reachable, but I don’t think that anyone should be able to authenticate themselves as controlling


 that address, so no CA would issue a certificate containing that address.</div>


</div>


</div>


</div>


</blockquote>


</div>


<br class="">


<div class="">That’s a brave assumption. RFC6890 describes the 192.0.0.0/24 block as « Not usable unless by virtue of a more specific reservation » (Section 2.2.2, Table 7). Precisely what RFC7723 and RFC8155 do.</div>


<div class=""><br class="">


</div>


</body>


</html>