- From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
- Date: Fri, 18 Jun 2021 15:00:20 +0200
- To: John Mattsson <john.mattsson@ericsson.com>
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Fri, Jun 18, 2021 at 12:30:17PM +0000, John Mattsson <john.mattsson@ericsson.com> wrote a message of 226 lines which said: > * IP addresses cannot be sent in SNI. > * IP addresses are not domain names. Indeed. RFC 6066, section 3 is clear 'Literal IPv4 and IPv6 addresses are not permitted in "HostName"."' I've seen at least one TLS server violently shutting down the connection when it received a literal IPv6 address in SNI (but not for IPv4). But in practice, it seems the robustness principle is widely applied and TLS servers accept literal IP addresses in SNI. Not really for this WG but it can be noted this is an issue for DoT (RFC 7858) and DoH (RFC 8484) since it is common to refer to DNS resolvers by IP address.
Received on Friday, 18 June 2021 13:01:31 UTC