>> Haven't we already decided what to do: SNI?
> But isn't that the problem, that "SNI had to be added therefore it isn't
> everywhere therefore site operators don't trust its presence therefore
> SNI is irrelevant"?

It appears Apache supports SNI as of 2.2.12 which was released 12 months ago.

> Do we have any information as to which browsers in significant current
> use don't support SNI?  Hopefully at some point site operators could
> declare that browsers that don't support SNI will not be supported.

The worst of the show stoppers is IE on Windows XP.  No SNI support.

IE6 is still at 7.2% as of June 2010.  It was 14.4% in June 2009.  


... is it possible to help IE6 and other non-SNI browsers to die faster?

 Perry suggested reading Orwell's essay, "Politics and the English Language."  
Think about Orwell's opening sentence:

"Most people who bother with the matter at all would admit that the English 
language is in a bad way, but it is generally assumed that we cannot by 
conscious action do anything about it."

Now replace "the English language" with "PKI"


"There is a long list of flyblown metaphors which could similarly be got rid of 
if enough people would interest themselves in the job; and it should also be 
possible to laugh the not un- formation out of existence*...

*One can cure oneself of the not un- formation by memorizing this sentence: A 
not unblack dog was chasing a not unsmall rabbit across a not ungreen field.


There is a long list of outdated browsers which could be got rid of if enough 
people would interest themselves in the job.

One fast way to pressure technological change is for the world to move on to 
better things and leave the legacy stuff behind.  Who uses Netscape 4 or IE 5 
any more?  Those were left behind because everyone in web design wanted CSS 
support and just started using CSS.  The web design field desperately wants to 
be throwing IE6-is-dead parties.  Could some intelligent web designers come up 
with a few snippets of code in the various web flavors (PHP, ASP, JSP, etc) for 
people to easily install and include on their sites (as part of a movement to 
discourage old browser usage and encourage better security on the web...)  If 
an old browser is detected, a friendly warning message or even an error message 
appears, along with links to the site explaining the movement...  Of course it 
would only be grassroots, but I've heard enough rumbling on web designer blogs 
to think that someone might just take up a cause like that.  The security 
community could encourage it maybe?  Put a Paypal button on there.  I know a 
lot of people who would donate money.  

Looks like at least one site is out there: http://ie6update.com/ but has no 
Paypal donate button, and doesn't offer newcomers the reasons they should 
switch to something more modern.

Maybe this is too utopian.  But laughing does work, sometimes.

Paul Tiemann
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to