Hello, >From my understanding, one of the main use cases for this could be hosting DoT or DoH DNS servers. By utilizing IP address certificates, clients can bootstrap connections to these servers without relying on insecure DNS requests. Setting up rDNS might seem a bit more complex, but with the current state of technology, securing a provider-independent IPv6 range has become relatively easy and affordable.
For self-hosters, it’s definitely feasible to acquire an IPv6 range, set up CAA records in rDNS, and issue IP certificates for their self-hosted DNS servers. Of course, this is just one potential use case—I’m sure there are many more. Best regards, Ramon
_______________________________________________ Acme mailing list -- acme@ietf.org To unsubscribe send an email to acme-le...@ietf.org
