[cabfpub] Ballot 202 - Underscore and Wildcard Characters

Erwann Abalea Erwann.Abalea at docusign.com
Wed Jul 26 01:54:08 MST 2017


Bonjour,

Le 25 juil. 2017 à 21:25, Geoff Keating <geoffk at apple.com<mailto:geoffk at apple.com>> a écrit :


On 25 Jul 2017, at 12:01 pm, Peter Bowen via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:

[…]


F. In Section 1.6.1 of the Baseline Requirements, REPLACE the definition for "Reserved IP Address" with the following: An IPv4 or IPv6 address that the IANA has "False" for Globally Reachable in either of the IANA Special-Purpose IP Address Registries:

https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml or

https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml

and the first of those links has 192.168.0.0/16 marked as ‘false’ for globally reachable.  Now, it’s true that 192.0.0.9/32 is marked ‘true’ for globally reachable, but I don’t think that anyone should be able to authenticate themselves as controlling that address, so no CA would issue a certificate containing that address.

That’s a brave assumption. RFC6890 describes the 192.0.0.0/24 block as « Not usable unless by virtue of a more specific reservation » (Section 2.2.2, Table 7). Precisely what RFC7723 and RFC8155 do.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170726/e2a75b06/attachment.html>


More information about the Public mailing list