To:
Michael Richardson <mcr@sandelman.ottawa.on.ca>
CC:
keydist@cafax.se
From:
Stephen Farrell <stephen.farrell@baltimore.ie>
Date:
Thu, 04 Apr 2002 15:02:43 +0100
Reply-To:
stephen.farrell@baltimore.ie
Sender:
owner-keydist@cafax.se
Subject:
Re: Let's assume DNS is involved
> a) There is no certification authority which signs keys for where the name > is an IP address. That's a bit misleading. If you mean you don't know what deployed CA does this, then fair enough. If you mean that new certificate-like formats are required to do it, then you're wrong - just use a null-DN in the subject field and an altname with an ip address and X.509's fine. And I think the latter is more relevant for an answer to the (IMO quite good) question posed. Stephen. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com