
Well, in the end channel binding would be the best option which really mitigates some threat vectors. For example MITM, secrets extraction out of the browser and so on. But the big issue is that this is not widely supported.

Using the IP as a means is IMO nonsense with today's use of CG-NAT, VPN and so on. It does not really help securing something.

But these are just my 2 cents ;-)

Disclaimer: I wrote the article


