Our system uses anycast for DNS (DOH and DOT) services. We'd like to use IP authentication, since our IP addresses are useds by clients to bootstrap or directly communicate with our systems. I see a few problems with the current model that has been documented for IP address certificates, and I'm wondering if there can be a discussion on the topic. Cert time is too short. We own our own /24's and /48's for use, and we are listed as the "owners" of the address space in the RIR. It seems tha...
