Automated Certificate Management Environment (ACME) IP Identifier Validation Extension
draft-ietf-acme-ip-08

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: rdd@cert.org, draft-ietf-acme-ip@ietf.org, Daniel McCarney <cpu@letsencrypt.org>, The IESG <iesg@ietf.org>, acme@ietf.org, cpu@letsencrypt.org, acme-chairs@ietf.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'ACME IP Identifier Validation Extension' to Proposed Standard (draft-ietf-acme-ip-08.txt)

The IESG has approved the following document:
- 'ACME IP Identifier Validation Extension'
  (draft-ietf-acme-ip-08.txt) as Proposed Standard

This document is the product of the Automated Certificate Management
Environment Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-acme-ip/


Technical Summary

The ACME-IP draft extends the Automatic Certificate Management Environment
(ACME) with support for IP address type identifiers in addition to DNS type
identifiers. The draft additionally specifies how the existing ACME challenge
types (HTTP-01 and DNS-01) and the ACME-TLS-ALPN challenge type (TLS-ALPN-01)
interact with IP address identifiers.

Working Group Summary

The description of using tls-alpn-01 for IP identifiers was fixed to respect RFC
6066's restriction on IP addresses in SNI by defining the ip-addr.arpa format to
use instead.

Earlier versions of the draft included a reverse-DNS challenge type. Within the
working group there were concerns raised about the accuracy of the reverse DNS
zone information that this challenge type relied on. A decision was made to
remove this challenge type from the draft to allow forward progress on the
remaining uncontroversial parts of the draft.


Document Quality

The document is short and concise. The interaction between the existing challenge
types interact this new identifier type is well specified. I am not aware of any
existing implementations but at least one ACME server operator (Let's Encrypt)
intends to implement the draft in a test capacity (with the Pebble ACME server)
in the near future.

Personnel

The document shepard is Daniel McCarney. 
The responsible area director is Roman Danyliw.