Do certificates for IP Addresses work?

[Hal Murray]

If I start with a name, translate that to an IP Address, make a TLS connection 
to that system, I expect to get a certificate that matches the name.  But that 
translation step adds another layer of security considerations.

Is it practical to bypass the DNS lookup and use a certificate for the IP 
Address?

Is there an option I can give to something like getaddrinfo() that says 
require DNSSEC?  What fraction of the world is using DNSSEC and/or pays 
attention if somebody else uses it?



-- 
These are my opinions.  I hate spam.