Re: [TLS] Representing IP addresses in SNI -- proposed draft

2022-07-28 Thread Erik Nygren
The use-case that may increase IP certificates is this from ADD's DDR: https://datatracker.ietf.org/doc/html/draft-ietf-add-ddr-08#section-4.2 At a high level, the client talks insecurely to their configured local DNS resolver with IP address "A" and queries for "_dns.resolver.arpa." That ret

Re: [TLS] Representing IP addresses in SNI -- proposed draft

2022-07-28 Thread Tim Hollebeek
I’m worried about the fact that this means a certificate that was issued for and intended to be used by a particular IP address is now potentially usable on any arbitrary IP address via this behavior. Though I haven’t thought it all the way through yet, it seems to me to be likely that there are us

[TLS] draft-deprecate-obsolete-kex - Comments from WG Meeting

2022-07-28 Thread Nimrod Aviram
Hi Everyone, Thank you for chiming in with comments and suggestions regarding draft-deprecate-obsolete-kex :-) I've tried to summarize everyone's comments below, hopefully grouped by subject. Apologies in advance if I missed anything (or misspelled names...), please do reply to this thread :-) M