Ben Laurie wrote:
...
Hopefully over the next year, the webserver (Apache)
will be capable of doing the TLS extension for sharing
certs so then it will be reasonable to upgrade.


In fact, I'm told (I'll dig up the reference) that there's an X509v3
extension that allows you to specify alternate names in the certificate.
I'm also told that pretty much every browser supports it.

The best info I know of on the subject is here:

http://wiki.cacert.org/wiki/VhostTaskForce

Philipp has a script which he claims automates
the best method(s) described within to create
the alt-names cert.

(The big problem of course is that you can use
one cert to describe many domains only if they
are the same administrative entity.)

What we really need is for the webservers to
implement the TLS extension which I think is
called "server name indication."

And we need SSL v2 to die so it doesn't interfere
with the above.

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
