[30953] in North American Network Operators' Group
Re: ARIN Policy on IP-based Web Hosting
daemon@ATHENA.MIT.EDU (Sabri Berisha)
Fri Sep 1 23:30:38 2000
Date: Sat, 2 Sep 2000 05:28:10 +0200 (CEST)
From: Sabri Berisha <sabri@vuurwerk.nl>
To: Roland Dobbins <rdobbins@netmore.net>
Cc: nanog@merit.edu
In-Reply-To: <39ABE3F3.3759D88B@netmore.net>
Message-ID: <Pine.LNX.4.10.10009020451150.5806-100000@bofh.vuurwerk.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 29 Aug 2000, Roland Dobbins wrote:
> The SSL issue is a real one, and I don't know how to get around it.
It's not the only one.
I happen to work for a hosting isp and we have had many discussions on
this one. None of my collegues have been able to give me the solution to
the following issue:
As we all know, cname hosting is based on the same IP. Using the IP of a
site could be a form of securitychecking. Let me explain:
Imagine we have a site on www.foo.bar with the IP 10.0.0.1.
Now we have a customer that wants to put sensitive information on
www.foo.bar/customersite.
This information would me far more secure if the customer would link to
http://10.0.0.1/customersite instead of http://www.foo.bar/customersite.
Why? It's simple; imagine some lamer writing a trojan that would change
your /etc/hosts or C:\windows\hosts files...
It happened to a bank in The Netherlands about 2 years ago (published in
the magazine Computer Idee for the dutch readers).
I think cname hosting will be unavoidable (is that correct english?) in
the next few months but every hosting company should be given enough IP's
to offer ip-based hosting too, even if it's nog going to be the standard
package...
And then we are not even talking about those nice PTR records for a host
which (I admit) are purely cosmetic but I think it will be a way of being
"cool" if you have a PTR for your A when cname hosting get's The Usual Way
of business.
--
Sabri Berisha `~*-[vuurwerk internet] bofv-ripe@whois.ripe.net
Linux / FreeBSD Scriptkiddo
hoping-to-be-ccnp-soon
my personal opinion yadda yadda
