On Wed, Apr 21, 2021, at 11:48, Carrick Bartle wrote:
> > I'm not sure what you are implying might be impossible. Are you suggesting
> > that it might be impossible to get a name for which you could get a
> > certificate?
>
> No. I'm implying that if we don't allow clients to authenticate
> client-facing servers with an IP-based certificate, ECH won't be
> possible in cases where the client-facing server doesn't have a name.

That in turn implies that getting an IP-based certificate might be easier than a DV certificate (and the associated name). I'd need more supporting evidence to believe that. Under what conditions could that be true?

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls