[13580] in cryptography@c2.net mail archive
Re: https for virtual hosts (was: attack on paypal)
daemon@ATHENA.MIT.EDU (John S. Denker)
Wed Jun 11 13:36:18 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 11 Jun 2003 12:53:25 -0400
From: "John S. Denker" <jsd@monmouth.com>
To: Sunder <sunder@sunder.net>
Cc: "James A. Donald" <jamesd@echeque.com>,
Cypherpunks <cypherpunks@lne.com>,
Cryptography <cryptography@metzdowd.com>
In-Reply-To: <Pine.BSO.4.21.0306111049300.463-100000@anon7.arachelian.com>
On 06/11/2003 10:56 AM, Sunder wrote:
>
> www.foo.com www.bar.com www.baz.com can't all live on the same IP and
> have individual ssl certs for https. :( This is because the cert is
> exchanged before the http 1.1 layer can say "I want www.bar.com"
>
> So you need to waste IP's for this. Since the browser standards are
> already in place, it's unlikely to be to find a workaround.
A reasonable workaround might be something like:
http://www.ietf.org/rfc/rfc3056.txt
... to allow isolated IPv6 domains or
hosts, attached to an IPv4 network which has no native IPv6 support,
to communicate with other such IPv6 domains or hosts with minimal
manual configuration, before they can obtain natuve IPv6
connectivity. It incidentally provides an interim globally unique
IPv6 address prefix to any site with at least one globally unique
IPv4 address, even if combined with an IPv4 Network Address
Translator (NAT).
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
