If I start with a name, translate that to an IP Address, and make a TLS connection to that system, I expect to get a certificate that matches the name. But that translation step adds another layer of security considerations.
Is it practical to bypass the DNS lookup and use a certificate for the IP Address? Is there an option I can give to something like getaddrinfo() that says require DNSSEC? What fraction of the world is using DNSSEC and/or pays attention if somebody else uses it?

-- 
These are my opinions. I hate spam.

_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel