[30737] in North American Network Operators' Group
Re: ARIN Policy on IP-based Web Hosting
daemon@ATHENA.MIT.EDU (Bill Fumerola)
Tue Aug 29 18:51:22 2000
Date: Tue, 29 Aug 2000 18:49:21 -0400
From: Bill Fumerola <billf@chimesnet.com>
To: jlewis@lewis.org
Cc: sigma@pair.com, nanog@merit.edu
Message-ID: <20000829184921.L33771@jade.chc-chimes.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <Pine.LNX.4.10.10008291813210.6070-100000@redhat1.mmaero.com>; from jlewis@lewis.org on Tue, Aug 29, 2000 at 06:43:30PM -0400
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, Aug 29, 2000 at 06:43:30PM -0400, jlewis@lewis.org wrote:
> Unless something's changed recently, SSL still requires IP based virtual
> hosting. Here's a clipping from the c2.net Stronghold FAQ:
>
> Should I use name-based or IP-based virtual hosts?
>
> Name-based virtual hosts do not work with SSL because certificates are
> sent before server names are established. Secure virtual hosts must be
> either IP-based or port-based. IP-based virtual hosts are more
> convenient, as users would have to remember the port numbers for
> port-based virtual hosts.
Nothing has changed. There still is a chicken/egg relationship with trying
to do namebased virtual hosts with SSL.
You have to know which certificate to present based on the name...
and
... you don't know the name until the certificate exchange is complete.
Speaking as a application provider who _has_ to have independent sites
running SSL per customer, I still need a 1:1 relationship with IP and
hosts.
ARIN need to take a hit off the clue-pipe before coming down with
such a far-right policy.
--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org
