
Shepherd writeup
draft-ietf-acme-ip

# Technical Summary

The ACME-IP draft extends the Automatic Certificate Management Environment
(ACME) with support for IP address type identifiers in addition to DNS type
identifiers. The draft additionally specifies how the existing ACME challenge
types (HTTP-01 and DNS-01) and the ACME-TLS-ALPN challenge type (TLS-ALPN-01)
interact with IP address identifiers.

# Working Group Summary

The description of using tls-alpn-01 for IP identifiers was fixed to respect RFC
6066's restriction on IP addresses in SNI by defining the in-addr.arpa format to
use instead.
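
The SNI rule described above, as an added example (not code from the draft or from any ACME implementation): it maps an IP identifier to the reverse-mapping name carried in SNI and checks a received SNI value against the identifier. The function names are hypothetical, the addresses are constructed documentation-range values, and the example assumes in-addr.arpa for IPv4 and ip6.arpa for IPv6.

```python
import ipaddress

def sni_for_ip_identifier(value: str) -> str:
    """Reverse-mapping name to send as SNI for an ACME "ip" identifier."""
    addr = ipaddress.ip_address(value)  # ValueError for DNS names or garbage
    if getattr(addr, "scope_id", None):
        raise ValueError("scoped (zone-id) addresses are not valid identifiers")
    if addr.version == 4:
        labels = [str(octet) for octet in reversed(addr.packed)]
        return ".".join(labels) + ".in-addr.arpa"
    nibbles = reversed(addr.packed.hex())  # 32 hex digits, least significant first
    return ".".join(nibbles) + ".ip6.arpa"

def ip_from_sni(server_name: str):
    """Recover the address from a reverse-mapping SNI value; ValueError otherwise."""
    name = server_name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError("IPv4 reverse name needs exactly four labels")
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        hexdigits = "0123456789abcdef"
        if len(nibbles) != 32 or any(len(n) != 1 or n not in hexdigits for n in nibbles):
            raise ValueError("IPv6 reverse name needs 32 single hex-digit labels")
        return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    # A bare IP literal lands here: RFC 6066 does not permit it as an SNI HostName.
    raise ValueError("not a reverse-mapping name")

def sni_matches_identifier(server_name: str, identifier_value: str) -> bool:
    """Check that an SNI value names the IP identifier being validated."""
    try:
        return ip_from_sni(server_name) == ipaddress.ip_address(identifier_value)
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample identifiers from the documentation address ranges.
    for ident in ("192.0.2.10", "2001:db8::1"):
        sni = sni_for_ip_identifier(ident)
        print(ident, "->", sni, "| matches:", sni_matches_identifier(sni, ident))
    print("IP literal as SNI accepted:", sni_matches_identifier("192.0.2.10", "192.0.2.10"))
```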

Earlier versions of the draft included a reverse-DNS challenge type. Within the
working group there were concerns raised about the accuracy of the reverse DNS
zone information that this challenge type relied on. A decision was made to
remove this challenge type from the draft to allow forward progress on the
remaining uncontroversial parts of the draft.

# Document Quality

The document is short and concise. The interaction between the existing challenge
types and this new identifier type is well specified. I am not aware of any
existing implementations but at least one ACME server operator (Let's Encrypt)
intends to implement the draft in a test capacity (with the Pebble ACME server)
in the near future.

# Personnel

The document shepherd is Daniel McCarney. The responsible area director is Eric
Rescorla.

# IRTF Note

Not applicable

# IESG Note

Not applicable

# IANA Note

There are two IANA considerations in Section 5. Both the "ACME Identifier Types"
table as well as the "ACME Validation Methods" table require updates.