Do certificates for IP Addresses work?
Achim Gratz
Stromeko at nexgo.de
Sat Feb 2 09:01:36 UTC 2019
Hal Murray via devel writes:
> Is it practical to bypass the DNS lookup and use a certificate for the IP
> Address?
You'd have to use a self-signed certificate for that and check that your
library actually recognized the IP as an IP in the cert. So if you can
avoid doing that you'd be better off.
> Is there an option I can give to something like getaddrinfo() that says
> require DNSSEC? What fraction of the world is using DNSSEC and/or pays
> attention if somebody else uses it?
A whole 'nother can of worms. Assuming you use a validating resolver,
DNSSEC is mandatory to be used if the DNS zone contains a Delegation
Signer Record and the DNS information is signed.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
More information about the devel
mailing list