[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Confirm decision on identity handling.
Eric Rescorla wrote:
>>I jumped in late, so probably missed some important parts of this
>>conversation. But binding certificates to IP addresses doesn't
>>seem like a good idea at all, because of how short IP address
>>lifespan may be.
>
> Given the kind of information the stack has, there are many
> cases where this is the only reasonable thing they might be
> bound to.
The only information - perhaps. That still doesn't make it
reasonable. For example, (I know you anticipate this :-)
think DHCP.