https for virtual hosts (was: attack on paypal)
John S. Denker
jsd at monmouth.com
Wed Jun 11 12:53:25 EDT 2003
On 06/11/2003 10:56 AM, Sunder wrote:
>
> www.foo.com www.bar.com www.baz.com can't all live on the same IP and
> have individual ssl certs for https. :( This is because the cert is
> exchanged before the http 1.1 layer can say "I want www.bar.com"
>
> So you need to waste IP's for this. Since the browser standards are
> already in place, it's unlikely to be to find a workaround.
A reasonable workaround might be something like:
http://www.ietf.org/rfc/rfc3056.txt
... to allow isolated IPv6 domains or
hosts, attached to an IPv4 network which has no native IPv6 support,
to communicate with other such IPv6 domains or hosts with minimal
manual configuration, before they can obtain natuve IPv6
connectivity. It incidentally provides an interim globally unique
IPv6 address prefix to any site with at least one globally unique
IPv4 address, even if combined with an IPv4 Network Address
Translator (NAT).
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list