Re: Question regarding HTTP/2, SNI, and IP addresses

On Fri, Jun 18, 2021 at 12:30:17PM +0000,
 John Mattsson <john.mattsson@ericsson.com> wrote 
 a message of 226 lines which said:

>   *   IP addresses cannot be sent in SNI.
>   *   IP addresses are not domain names.

Indeed. RFC 6066, section 3 is clear: 'Literal IPv4 and IPv6 addresses
are not permitted in "HostName".' I've seen at least one TLS server
violently shutting down the connection when it received a literal IPv6
address in SNI (but not for IPv4). But in practice, it seems the
robustness principle is widely applied and TLS servers accept literal
IP addresses in SNI.

Not really for this WG but it can be noted this is an issue for DoT
(RFC 7858) and DoH (RFC 8484) since it is common to refer to DNS
resolvers by IP address.

Received on Friday, 18 June 2021 13:01:31 UTC
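
The RFC 6066 rule quoted in the message above, as an added example that is not part of the original e-mail: a Python sketch that parses a `server_name` extension body, flags HostName entries that are literal IP addresses, and shows the client-side choice to omit SNI when the target (for instance a DoT/DoH resolver) is given by IP address. All function names are hypothetical, and the sample names and addresses are constructed from documentation ranges.

```python
import ipaddress
import struct

HOST_NAME = 0  # NameType host_name (RFC 6066, section 3)

def build_sni(name):
    """Encode a ServerNameList with one host_name entry (for constructed samples)."""
    raw = name.encode("ascii")
    entry = struct.pack("!BH", HOST_NAME, len(raw)) + raw
    return struct.pack("!H", len(entry)) + entry

def parse_sni(ext):
    """Return the host_name entries found in a server_name extension body."""
    if len(ext) < 2:
        raise ValueError("truncated ServerNameList")
    (list_len,) = struct.unpack_from("!H", ext, 0)
    if list_len != len(ext) - 2:
        raise ValueError("ServerNameList length mismatch")
    names, pos = [], 2
    while pos < len(ext):
        if pos + 3 > len(ext):
            raise ValueError("truncated ServerName")
        name_type, name_len = struct.unpack_from("!BH", ext, pos)
        pos += 3
        if name_len == 0 or pos + name_len > len(ext):
            raise ValueError("bad HostName length")
        if name_type == HOST_NAME:
            names.append(ext[pos:pos + name_len].decode("ascii"))
        pos += name_len
    return names

def is_ip_literal(host):
    """True for literal IPv4/IPv6 addresses, including bracketed IPv6."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def check_sni(ext):
    """Return the HostName values that break the 'no literal addresses' rule."""
    return [h for h in parse_sni(ext) if is_ip_literal(h)]

def sni_for_target(target):
    """Client side: the name to put in SNI, or None to omit the extension."""
    return None if is_ip_literal(target) else target
```

A server or middlebox operator can log the output of `check_sni` to see which clients send literal addresses before deciding whether to reject or tolerate them.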