> Are IP addresses more transient than a domain within a 45 day window?

If I don't assign an EIP to my EC2 instance and shut it down, I'm nearly guaranteed to get a different IP when I start it again, even if I start it within seconds of shutdown completing.

It'd be quite a challenge to use this behavior maliciously, though. You'd have to get assigned an IP that someone else was using recently, and the person using that IP would need to have also been using TLS with either an IP address certificate or with certificate verification disabled.

▲

qwertox 11 hours ago | parent [-]

Ok, though if you're in that situation, is an IP cert the correct solution?

	▲	toast0 11 hours ago \| parent [-]
		It's probably not a good solution if you're dealing with clients you control. Otoh, if you're dealing with browsers, they really like WebPKI certs, and if you're directing load to specific servers in real time, why add DNS and/or a load balancer thing in the middle?