<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 4/2/2021 5:49 PM, Ryan Sleevi
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACvaWvaURxeVGY7qYqgE6CHxzsTj2C44JQ+Ae=9SvRYX+QH6xw@mail.gmail.com">
<div dir="ltr">
<div dir="ltr"><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Feb 4, 2021 at 2:24
AM Dimitris Zacharopoulos (HARICA) via Servercert-wg &lt;<a
href="mailto:servercert-wg@cabforum.org"
moz-do-not-send="true">servercert-wg@cabforum.org</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div> I would like to propose an amendment to the definition
"IP Address Contact". Following the example of a "Domain
Contact", for consistency we should allow a CA to use the
DNS SOA record as IP Address Contact information.<br>
<br>
Current definition:<br>
<br>
<i><strong>IP Address Contact</strong></i><i>: The
person(s) or entity(ies) registered with an IP Address
Registration Authority as having the right to control
how one or more IP Addresses are used.</i><br>
<br>
Proposed new definition:<br>
<i><br>
</i><i><strong>IP Address Contact</strong></i><i>: The
person(s) or entity(ies) registered with an IP Address
Registration Authority<font color="#ff0000"> or in a DNS
SOA record</font> as having the right to control how
one or more IP Addresses are used.</i><br>
<br>
Are there any objections or concerns with this proposal?<br>
</div>
</blockquote>
<div><br>
</div>
<div>Yes.</div>
<div><br>
</div>
<div>IP Addresses do not have DNS SOA records. What you're
proposing doesn't make sense (as specified).</div>
</div>
</div>
</blockquote>
<br>
Well, the idea was to do a reverse lookup.<br>
<br>
For example, search for 93.184.216.34.<br>
<br>
<pre>dig 34.216.184.93.in-addr.arpa

; &lt;&lt;&gt;&gt; DiG 9.11.3-1ubuntu1.13-Ubuntu &lt;&lt;&gt;&gt; 34.216.184.93.in-addr.arpa
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NXDOMAIN, id: 23163
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;34.216.184.93.in-addr.arpa. IN A

;; AUTHORITY SECTION:
216.184.93.in-addr.arpa. 520 IN SOA ns1.edgecastcdn.net. <b>noc.edgecast.com</b>. 1589310095 3600 600 604800 600

;; Query time: 76 msec
;; SERVER: 192.168.10.254#53(192.168.10.254)
;; WHEN: Thu Feb 04 18:10:02 EET 2021
;; MSG SIZE rcvd: 126
</pre>
<br>
would allow a CA to send an email to <a class="moz-txt-link-abbreviated" href="mailto:noc@edgecast.com">noc@edgecast.com</a> using method
3.2.2.5.2, similar to how it would work for 3.2.2.4.2.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:CACvaWvaURxeVGY7qYqgE6CHxzsTj2C44JQ+Ae=9SvRYX+QH6xw@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div><br>
</div>
<div>It's also not clear to me the motivation of why. I'm
hoping you can elaborate if there are more concrete
arguments in favor other than "for consistency". For
example, an explanation of use cases that are otherwise
unmet without this change, particularly since it'll require
careful language to ensure it does what I believe you're
trying to do, but which is not yet specified to do so :) </div>
</div>
</div>
</blockquote>
<br>
I consider this a secure method of contacting the entity that
controls/owns the IP address space, just as the SOA can be used for
forward Domain Name lookups as part of 3.2.2.4.2.<br>
<br>
I hope this helps. Is this what you believe I was trying to do? I
must agree about the "as specified" comment; it probably needs some
language skills to describe the reverse lookup for IPv4 and IPv6.<br>
<br>
<br>
Dimitris.<br>
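<br>
Added example, not part of the original message or of any CA/Browser Forum text: one way to spell out the reverse lookup discussed above for both IPv4 and IPv6, and to derive a contact mailbox from the SOA RNAME only when the SOA's zone encloses the address being validated. The function names are hypothetical, the SOA line is the one from the dig output above, and the RNAME conversion assumes the RFC 1035 mailbox encoding.<br>
<br>

```python
import ipaddress

# Function names are illustrative; they come from neither the thread nor the
# Baseline Requirements. Constructed input: the SOA line from the dig output
# quoted above, with the e-mail line wrap removed.
SOA_LINE = ("216.184.93.in-addr.arpa. 520 IN SOA ns1.edgecastcdn.net. "
            "noc.edgecast.com. 1589310095 3600 600 604800 600")


def reverse_name(address):
    """in-addr.arpa name for IPv4, nibble-format ip6.arpa name for IPv6."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def parse_soa(line):
    """Return (zone, mname, rname) from one SOA line as dig prints it."""
    fields = line.split()
    if len(fields) != 11 or fields[2:4] != ["IN", "SOA"]:
        raise ValueError("not an SOA record: %r" % line)
    return fields[0].lower(), fields[4].lower(), fields[5]


def rname_to_mailbox(rname):
    """SOA RNAME to e-mail address (RFC 1035 mailbox encoding): the first
    unescaped dot becomes "@"; a backslash-escaped dot stays in the local part."""
    rname = rname.rstrip(".")
    local, i = [], 0
    while i < len(rname):
        if rname[i] == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])  # escaped character, taken literally
            i += 2
        elif rname[i] == ".":
            return "".join(local) + "@" + rname[i + 1:]
        else:
            local.append(rname[i])
            i += 1
    raise ValueError("RNAME has no domain part: %r" % rname)


def contact_for(address, soa_line):
    """Contact mailbox, accepted only if the SOA's zone encloses the
    reverse name of the address being validated."""
    zone, _mname, rname = parse_soa(soa_line)
    name = reverse_name(address).lower()
    if name != zone and not name.endswith("." + zone):
        raise ValueError("%s is outside zone %s" % (name, zone))
    return rname_to_mailbox(rname)


if __name__ == "__main__":
    print(reverse_name("93.184.216.34"))
    print(contact_for("93.184.216.34", SOA_LINE))
```
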
</body>
</html>