Comment by ycombinatrix
1 day ago
>it would be a grave error to issue an IP cert without active insight into BGP
Why? Even regular certs are handed out via IP address.
1 day ago
>it would be a grave error to issue an IP cert without active insight into BGP
Why? Even regular certs are handed out via IP address.
> why we are wasting so much time on utterly wrong TOFU authorization? If you are supposed to have an establishable identity I think there is DNSSEC back to the registrar
They retire challenges that were once acceptable. What happens if they require a real chain of trust? They retire http and domain names keep working on DNS/DNSSEC.
Making IP with only http challenges is going backwards.