I think it's saying that you can't make the name look like an IP address; i.e. if the syntax were www.google.com[142.250.117.139] (I'm making this syntax up) you couldn't put 142.250.117.139[142.250.117.139].

▲

jeroenhd 9 hours ago | parent [-]

The syntax being referred to includes some obscure, outdated addressing formats (IPv4 addresses represented as two or three number groups in dotted notation rather than the normal 4).

However, "DNS-based reference identity [RFC9525]" seems to explicitly disallow IP-based certificates by requiring a DNS name. I can only interpret the sentence I quoted as written to say "make sure you never ever accidentally validate an IP address".

	▲	szmarczak 9 hours ago \| parent [-]
		I don't think your interpretation is right. If it were, > Clients that incorporate DNS names and IP addresses into the same syntax They wouldn't mention the IP addresses at all. Also, notice the word "and".