[Cryptography] Fast handling of IP Address changes for HTTPS

[Paul F Fraser]

Hi,

Running a webserver on a home system suffers from the problem of IP Address changes after modem reboot.

In Australia with the National Broadband Network (NBN) I am also experiencing IP Address changes 
without the modem disconnecting. It may not be general, but in my case it seems that a fixed IP 
Address is not available.

Also, when server is on a laptop it would be nice to be able to have the server available at 
different locations.

Using dynamic DNS it takes some time for the new address to work through the system, due to isp dns 
caching etc.

Having a domain name and LetsEncrypt certificate for the home server what methods are available to 
handle IP address changes fast.

In researching the subject one solution might be to use a SAN certificate with 2 domain names. The 
first domain being a site to redirect to the home server using the second domain name. But the 
redirect would have to be to an IP address, not domain name!

Another possibility is to use "DH_anon" cipher suite but I have no real idea how this works. This 
would probably be the best solution as I have a secure back channel network that can be used to 
update the ip addresses and for any authentication and authorization purposes.

Any suggestion how to handle this?

Paul Fraser




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171229/433bd9b7/attachment.html>