[30745] in North American Network Operators' Group
RE: ARIN Policy on IP-based Web Hosting
daemon@ATHENA.MIT.EDU (Roeland M.J. Meyer)
Wed Aug 30 01:38:02 2000
Message-ID: <1148622BC878D411971F0060082B042C3636@hawk.lvrmr.mhsc.com>
From: "Roeland M.J. Meyer" <rmeyer@MHSC.com>
To: jlewis@lewis.org, sigma@pair.com
Cc: nanog@merit.edu
Date: Tue, 29 Aug 2000 22:37:53 -0700
MIME-Version: 1.0
Content-Type: text/plain
Errors-To: owner-nanog-outgoing@merit.edu
> From: jlewis@lewis.org [mailto:jlewis@lewis.org]
> Sent: Tuesday, August 29, 2000 3:44 PM
>
> On Tue, 29 Aug 2000 sigma@pair.com wrote:
> ARIN's site says:
>
> Where security is a concern, name-based hosting is capable of
> supporting the transmission of sensitive materials with some servers.
>
> Unless something's changed recently, SSL still requires IP based
> virtual hosting. Here's a clipping from the c2.net Stronghold FAQ:
>
> Should I use name-based or IP-based virtual hosts?
>
> Name-based virtual hosts do not work with SSL because certificates are
> sent before server names are established. Secure virtual hosts must be
> either IP-based or port-based. IP-based virtual hosts are more
> convenient, as users would have to remember the port numbers for
> port-based virtual hosts.
In addition, neither OpenSSL nor mod_ssl works with name-based virtual
hosts. All vHosts have to share the same cert whereas IP-based hosts
don't. Someone at ARIN is hallucinating, if they think that their
statement is true. As a side note, MS-IIS doesn't do it any more
successfully than Apache/OpenSSL, even v5.5 under Win2K; I run both.
It sounds more like ARIN wants to shut down web-hosting companies or
prevent them from doing SSL. The only other way to read this is that
someone at ARIN is incompetent. Frankly, I'd like to know which.
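
The ordering problem described in the quoted Stronghold FAQ, as an added example that is not part of the original message or of any project named in it: it parses a constructed TLS 1.0 ClientHello with no extensions and shows that the server must pick its certificate from the socket address alone, before the HTTP Host header exists. The addresses, file names and function names are hypothetical.

```python
import struct

def build_client_hello(ciphers=(0x000A, 0x0005)):
    """Constructed sample: TLS 1.0 ClientHello record with no extensions."""
    body = struct.pack("!H", 0x0301) + bytes(32)           # client_version, random
    body += b"\x00"                                         # empty session_id
    body += struct.pack("!H", 2 * len(ciphers))
    body += b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                     # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body      # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Return everything the server learns before it must send its Certificate."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    if rec_len != len(record) - 5 or hs_len != rec_len - 4:
        raise ValueError("length mismatch")
    p = 9
    version = struct.unpack("!H", record[p:p + 2])[0]
    p += 2 + 32                                             # skip version and random
    p += 1 + record[p]                                      # skip session_id
    cs_len = struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    ciphers = [struct.unpack("!H", record[i:i + 2])[0] for i in range(p, p + cs_len, 2)]
    p += cs_len
    p += 1 + record[p]                                      # skip compression methods
    return {"version": version, "ciphers": ciphers, "bytes_after_compression": len(record) - p}

# Hypothetical server config: one certificate per listening address (IP-based vhosts).
CERTS_BY_ADDR = {("192.0.2.10", 443): "www.example.com.pem",
                 ("192.0.2.11", 443): "shop.example.net.pem"}

def serve(local_addr, record, http_request):
    """Model the order of events on one connection; returns (cert sent, Host asked for)."""
    hello = parse_client_hello(record)       # 1. handshake opens: no host name in the hello
    if "hostname" in hello:
        raise AssertionError("unexpected name field")
    cert = CERTS_BY_ADDR[local_addr]         # 2. certificate chosen from IP and port only
    host = next(line.split(":", 1)[1].strip()  # 3. Host header arrives after the handshake
                for line in http_request.split("\r\n") if line.lower().startswith("host:"))
    return cert, host

if __name__ == "__main__":
    req = "GET / HTTP/1.1\r\nHost: shop.example.net\r\n\r\n"   # constructed request
    print(serve(("192.0.2.10", 443), build_client_hello(), req))
```

Two names pointed at 192.0.2.10 both receive www.example.com.pem, so the second name gets a certificate mismatch; giving it its own address (192.0.2.11) is the IP-based fix the FAQ describes.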