On 19/08/15 01:13, Ryan Sleevi wrote: > Are you suggesting/endorsing that CAs violate the Baseline Requirements, > which requires RFC 5280 conformance, by improperly encoding IP addresses > into the dNSName field? I wasn't aware that this was a BR violation. CAs will need to apply my advice only for non-publicly-trusted certificates. Gerv