On 12 Mar 2018, at 16:12, Jim Reid wrote:
On 12 Mar 2018, at 17:37, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
If the use case here is to be able to issue certificates for TLS
servers based on the IP address instead of the domain name, creating
something new in the DNS may be overkill. That is, why even have
Section 4.1 of draft-ietf-acme-ip at all? What's wrong with only
having direct HTTPS access?
Is web the only protocol that runs on the Internet now? I realise that
might seem to be the case these days, but even so... :-)
For which other protocols did you want certificates with IP addresses as
identifiers? If your list is longer than zero, are you willing to help
Roland with a solution using DNS records for validation that has any
chance of being usable? (No smiley here.)
--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop