Reply to post: Re: "We decided on a global fallback"

These truly are the end times for TLS 1.0, 1.1: Firefox hopes to 'eradicate' weak HTTPS standard by blocking it

LDS Silver badge

Re: "We decided on a global fallback"

Actually, you can have certificates of IP addresses too. Subject alternative names can contain IP addresses as well. Probably no "root" CA will ever release a certificate with an IP especially when you don't own (fully, i.e. like Apple) that IP address. But if you have an internal CA, and control your own internal address space, you can issue certificates with IP as well. I do - for devices for which I need to access even when the DNS system is down.

Moreover usually people access devices by IP because they don't have a working name resolution system - but many devices do allow using HTTPS.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022