[cabfpub] Proposed new ballot on IP Addresses in SANs
Ryan Sleevi
sleevi at google.com
Fri Apr 22 16:26:57 MST 2016
On Fri, Apr 22, 2016 at 3:50 PM, Peter Bowen <pzb at amzn.com> wrote:
> Thanks for clarifying this. I thought you were referring to an email from
> 8 months ago, which attributed a slightly different solution to you:
> https://groups.google.com/d/msg/mozilla.dev.security.policy/Av6oZxbjvB4/H6s9OVegBwAJ
https://cabforum.org/pipermail/public/2015-August/005851.html , as pointed
out by Wayne , and which emphasized the "single IP" solution (as I pointed
out in my reply)
> As long as the server either only has one IP address or can switch which
> certificate it offers based on IP address, then you are completely right —
> this is a fully viable solution and is the right solution, IMHO.
>
Thanks for that consideration. What is missing, and has remained missing,
is any understanding why that solution doesn't work. It may be that there's
legitimate reasons it won't - but there hasn't been any details or data
about this, other than Jeremy's remarks, but for which sound like they're
responding to a different proposal than what was put forth.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160422/f362e78b/attachment-0001.html
More information about the Public
mailing list