On Monday, March 12, 2018 11:12:36 PM GMT Jim Reid wrote: > > On 12 Mar 2018, at 17:37, Paul Hoffman <paul.hoff...@vpnc.org> wrote: > > > > If the use case here is to be able to issue certificates for TLS servers > > based on the IP address instead of the domain name, creating something > > new in the DNS may be overkill. That is, why even have Section 4.1 of > > draft-ietf-acme-ip at all? What's wrong with only having direct HTTPS > > access? > Is web the only protocol that runs on the Internet now? I realise that might > seem to be the case these days, but even so... :-)
we need to use TLS to secure both dns-over-https and some forms of TCP/53 in which the server's address is known but not its name. -- Vixie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
