[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Confirm decision on identity handling.
Uri Blumenthal <uri@bell-labs.com> writes:
> Eric Rescorla wrote:
> >>I jumped in late, so probably missed some important parts of this
> >>conversation. But binding certificates to IP addresses doesn't
> >>seem like a good idea at all, because of how short IP address
> >>lifespan may be.
> > Given the kind of information the stack has, there are many
>
> > cases where this is the only reasonable thing they might be bound to.
>
>
> The only information - perhaps. That still doesn't make it
> reasonable. For example, (I know you anticipate this :-)
> think DHCP.
Think DHCP certificates :)
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/