[13579] in cryptography@c2.net mail archive
Re: An attack on paypal
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Wed Jun 11 13:35:05 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: Sunder <sunder@sunder.net>
Cc: "James A. Donald" <jamesd@echeque.com>,
"Email List: Cypherpunks" <cypherpunks@lne.com>,
"Email List: Cryptography" <cryptography@metzdowd.com>
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 11 Jun 2003 09:51:12 -0700
In-Reply-To: <Pine.BSO.4.21.0306111049300.463-100000@anon7.arachelian.com>
Sunder <sunder@sunder.net> writes:
> The worst trouble I've had with https is that you have no way to use host
> header names to differentiate between sites that require different SSL
> certificates.
>
> i.e. www.foo.com www.bar.com www.baz.com can't all live on the same IP and
> have individual ssl certs for https. :( This is because the cert is
> exchanged before the http 1.1 layer can say "I want www.bar.com"
>
> So you need to waste IP's for this. Since the browser standards are
> already in place, it's unlikely to be to find a workaround. i.e. be able
> to switch to a different virtual host after you've established the ssl
> session. :(
This is being fixed. See draft-ietf-tls-extensions-06.txt
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
