Hal Murray via devel writes: > Is it practical to bypass the DNS lookup and use a certificate for the IP > Address?
You'd have to use a self-signed certificate for that and check that your library actually recognized the IP as an IP in the cert. So if you can avoid doing that you'd be better off. > Is there an option I can give to something like getaddrinfo() that says > require DNSSEC? What fraction of the world is using DNSSEC and/or pays > attention if somebody else uses it? A whole 'nother can of worms. Assuming you use a validating resolver, DNSSEC is mandatory to be used if the DNS zone contains a Delegation Signer Record and the DNS information is signed. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf rackAttack: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
