Issue #424 tracks whether or not we want to allow clients to authenticate client-facing servers with an IP-based certificate:
https://github.com/tlswg/draft-ietf-tls-esni/issues/424

There are a number of different proposals for _how_ we might enable this, varying in how the name and addresses are encoded in ECHConfig structures, how these interact with atypical client connection setups (through a proxy, for example), and so on. Complexity abounds.

Taking a step back, it would be great if we could reach consensus on whether or not this is a use case we actually want to solve. If it's not, then the design space seems quite smaller and more manageable in comparison.

To that end, it would be great if folks could chime in here whether or not they support this particular use case (with rationale as needed).

Thanks!
Chris (no hat)

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls