(community.letsencrypt.org)

314 points Bogdanp | 2 comments | 25 Jun 25 16:21 UTC | HN request time: 0s | source

Show context

mocko ◴[25 Jun 25 17:16 UTC] No.44379696[source]▶

I can see how this would work on a technical level but what's the intended use case?

replies(13): >>44379710 #>>44379735 #>>44379778 #>>44379786 #>>44379885 #>>44379946 #>>44380155 #>>44380377 #>>44380579 #>>44380856 #>>44381151 #>>44381389 #>>44386646 #

1. ff317 ◴[25 Jun 25 17:25 UTC] No.44379778[source]▶

>>44379696 #

It might be interesting for "opportunistic" DoTLS towards authdns servers, which might listen on the DoTLS port with a cert containing a SAN that matches the public IP of the authdns server. (You can do this now with authdns server hostnames, but there could be many varied names for one public authdns IP, and this kinda ties things together more-clearly and directly).

replies(1): >>44379851 #

2. jeroenhd ◴[25 Jun 25 17:35 UTC] No.44379851[source]▶

>>44379778 (TP) #

It might also he useful to hide the SNI in HTTPS requests. With the current status of ESNI/ECH you need some kind of proxy domain, but for small servers that only host a few sites, every domain may be identifiable (as opposed to, say, a generic Cloudflare certificate or a generic Azure certificate).

↑

Getting ready to issue IP address certificates