[cabfpub] Proposed new ballot on IP Addresses in SANs

Doug Beattie doug.beattie at globalsign.com
Thu Apr 21 13:06:37 MST 2016


One might change the proposal, to require that if an IP is present in the dNSName SAN, then it MUST ALSO be present in an iPAddress SAN. That is, a BR conforming cert would have to encode as:

commonName:8.8.8.8
subjectAltName:
  dNSName:8.8.8.8
  iPAddress:8.8.8.8

Ryan – This sounds like a possible solution. Would you support a ballot that allows the issuance of BR compliant certificates containing IP addresses in the dNSName if and only if the same value is also in an iPAddress SAN field? This comment was within the context of Name Constraints, so I could be misinterpreting your suggestion.
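The rule discussed in this message, written as a lint check. This is an added example, not part of the original post or of any CA/Browser Forum text; the function names and the `(type, value)` input shape are assumptions, and the SAN entries are taken as already decoded from the certificate.

```python
import ipaddress


def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def lint_ip_in_dnsname(san_entries):
    """Check the proposed rule: an IP address that appears in a dNSName SAN
    must also appear in an iPAddress SAN.

    san_entries: list of (type, value) pairs such as ("dNSName", "8.8.8.8").
    Returns the dNSName values that violate the rule (empty list = compliant).
    """
    # Collect iPAddress SANs as parsed addresses so that different textual
    # spellings of the same IPv6 address compare equal.
    ip_sans = set()
    for kind, value in san_entries:
        if kind == "iPAddress":
            ip = _as_ip(value)
            if ip is not None:
                ip_sans.add(ip)

    violations = []
    for kind, value in san_entries:
        if kind != "dNSName":
            continue
        ip = _as_ip(value)
        # Ordinary host names are not IP literals and are out of scope here.
        if ip is not None and ip not in ip_sans:
            violations.append(value)
    return violations


if __name__ == "__main__":
    # Constructed sample: the encoding shown in the message above.
    sample = [("dNSName", "8.8.8.8"), ("iPAddress", "8.8.8.8")]
    print(lint_ip_in_dnsname(sample))
```

The check is one-directional, as in the proposal: an iPAddress SAN without a matching dNSName is not flagged.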

