Sunder <[EMAIL PROTECTED]> writes:

> The worst trouble I've had with https is that you have no way to use host
> header names to differentiate between sites that require different SSL
> certificates.
>
> i.e. www.foo.com www.bar.com www.baz.com can't all live on the same IP and
> have individual ssl certs for https. :(  This is because the cert is
> exchanged before the http 1.1 layer can say "I want www.bar.com" 
> 
> So you need to waste IP's for this.  Since the browser standards are
> already in place, it's unlikely to be to find a workaround.  i.e. be able
> to switch to a different virtual host after you've established the ssl
> session.  :(
This is being fixed. See draft-ietf-tls-extensions-06.txt

-Ekr

-- 
[Eric Rescorla                                   [EMAIL PROTECTED]
                http://www.rtfm.com/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to