Something about a 6 day long IP address based token brings me back to the question of why we are wasting so much time on utterly wrong TOFU authorization?

If you are supposed to have an establishable identity I think there is DNSSEC back to the registrar for a name and (I'm not quite sure what?) back to the AS.for the IP.

▲

ycombinatrix 12 hours ago | parent [-]

Domains map one-to-one with registrars, but multiple AS can be using the same IP address.

▲

hojofpodge 12 hours ago | parent [-]

Then it would be a grave error to issue an IP cert without active insight into BGP. (Or it doesn't matter which chain you have.. But calling a website from a sampling of locations can't be a more correct answer.)

	▲	ycombinatrix 8 hours ago \| parent [-]
		>it would be a grave error to issue an IP cert without active insight into BGP Why? Even regular certs are handed out via IP address.