[cabfpub] Proposed new ballot on IP Addresses in SANs

Ryan Sleevi sleevi at google.com
Fri Apr 22 23:26:57 UTC 2016

On Fri, Apr 22, 2016 at 3:50 PM, Peter Bowen <pzb at amzn.com> wrote:

> Thanks for clarifying this.  I thought you were referring to an email from
> 8 months ago, which attributed a slightly different solution to you:
> https://groups.google.com/d/msg/mozilla.dev.security.policy/Av6oZxbjvB4/H6s9OVegBwAJ

https://cabforum.org/pipermail/public/2015-August/005851.html , as pointed
out by Wayne , and which emphasized the "single IP" solution (as I pointed
out in my reply)

> As long as the server either only has one IP address or can switch which
> certificate it offers based on IP address, then you are completely right —
> this is a fully viable solution and is the right solution, IMHO.

Thanks for that consideration. What is missing, and has remained missing,
is any understanding why that solution doesn't work. It may be that there's
legitimate reasons it won't - but there hasn't been any details or data
about this, other than Jeremy's remarks, but for which sound like they're
responding to a different proposal than what was put forth.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160422/f362e78b/attachment-0003.html>

More information about the Public mailing list