←back to thread

Getting ready to issue IP address certificates

(community.letsencrypt.org)
314 points Bogdanp | 1 comments | 25 Jun 25 16:21 UTC | HN request time: 0.437s | source
Show context
mocko ◴[25 Jun 25 17:16 UTC] No.44379696[source]
I can see how this would work on a technical level but what's the intended use case?
replies(13): >>44379710 #>>44379735 #>>44379778 #>>44379786 #>>44379885 #>>44379946 #>>44380155 #>>44380377 #>>44380579 #>>44380856 #>>44381151 #>>44381389 #>>44386646 #
szszrk ◴[25 Jun 25 17:44 UTC] No.44379946[source]
Sometimes you want to have valid certs while your dns is undergoing major redesign. For instance to keep your dashboards available, or to be triple sure no old automation will fail due to dns issues.

In other cases dns is just not needed at all. You might prefer simplicity, independence from dns propagation, so you will have your, say, Cockpit exposed instantly on a test env.

Only our imagination limits us here.

replies(1): >>44380116 #
Hizonner ◴[25 Jun 25 18:00 UTC] No.44380116[source]
So go to keys-are-names.

There's no reason AT ALL to bring IP addresses into the mix.

replies(2): >>44380212 #>>44382552 #
szszrk ◴[25 Jun 25 18:08 UTC] No.44380212[source]
> So go to keys-are-names.

Elaborate, please.

> There's no reason AT ALL to bring IP addresses into the mix.

Not sure what scenario you are talking about, but IPs are kind of hard to avoid. DNS is trivial to avoid - you can simply not set it up.

"bringing IPs into the mix" is literally the only possible option.

replies(2): >>44380427 #>>44383376 #
1. arianvanp ◴[26 Jun 25 01:20 UTC] No.44383376[source]
https://yggdrasil-network.github.io/

Its a mesh routing network where your identity is your public key and your ipv6 address is derived from the hash of your public key.

Works perfectly