Re: Working Group Last Call for draft-ietf-httpbis-expect-ct-05

On Tue, Jun 5, 2018 at 5:55 AM, Martin Thomson <>

> On Mon, Jun 4, 2018 at 10:56 PM Emily Stark <> wrote:
> > Might have been blindly cribbed from HSTS/HPKP -- I don't remember
> discussing it specifically for Expect-CT. Filed
> http-extensions/issues/637
> Thanks.
> >> CAs can (and do) issue IP certificates, so why does this specifically
> >> exclude those?  If this is a requirement imposed by CT, then please
> >> cite that.  Otherwise, I think that this should allow IP literals.
> >
> >
> > This was also cribbed from HSTS/HPKP. I'll try to find out the
> motivation for including it in those specs; I'm a little wary of dropping
> it from Expect-CT without understanding why it's there for the other two...
> There was some confusion about the status of IP certificates at some
> points in the past.  I don't think that it is necessary to concern
> this spec with the types of identifier that need to be covered.

Right, that's listed in for
HSTS, and as HPKP originally started as an option of HSTS, it retained that
functionality. The difficulty in both interoperability (in clients) and
obtaining an IP certificate (by servers)

Received on Wednesday, 6 June 2018 11:48:12 UTC