>> Haven't we already decided what to do: SNI? > > But isn't that the problem, that "SNI had to be added therefore it isn't > everywhere therefore site operators don't trust its presence therefore > SNI is irrelevant"?
It appears Apache supports SNI as of 2.2.12 which was released 12 months ago. > Do we have any information as to which browsers in significant current > use don't support SNI? Hopefully at some point site operators could > declare that browsers that don't support SNI will not be supported. The worst of the show stoppers is IE on Windows XP. No SNI support. IE6 is still at 7.2% as of June 2010. It was 14.4% in June 2009. http://www.w3schools.com/browsers/browsers_stats.asp ... is it possible to help IE6 and other non-SNI browsers to die faster? Perry suggested reading Orwell's essay, "Politics and the English Language." Think about Orwell's opening sentence: "Most people who bother with the matter at all would admit that the English language is in a bad way, but it is generally assumed that we cannot by conscious action do anything about it." Now replace "the English language" with "PKI" Then... "There is a long list of flyblown metaphors which could similarly be got rid of if enough people would interest themselves in the job; and it should also be possible to laugh the not un- formation out of existence*... *One can cure oneself of the not un- formation by memorizing this sentence: A not unblack dog was chasing a not unsmall rabbit across a not ungreen field. So... There is a long list of outdated browsers which could be got rid of if enough people would interest themselves in the job. One fast way to pressure technological change is for the world to move on to better things and leave the legacy stuff behind. Who uses Netscape 4 or IE 5 any more? Those were left behind because everyone in web design wanted CSS support and just started using CSS. The web design field desperately wants to be throwing IE6-is-dead parties. Could some intelligent web designers come up with a few snippets of code in the various web flavors (PHP, ASP, JSP, etc) for people to easily install and include on their sites (as part of a movement to discourage old browser usage and encourage better security on the web...) If an old browser is detected, a friendly warning message or even an error message appears, along with links to the site explaining the movement... Of course it would only be grassroots, but I've heard enough rumbling on web designer blogs to think that someone might just take up a cause like that. The security community could encourage it maybe? Put a Paypal button on there. I know a lot of people who would donate money. Looks like at least one site is out there: http://ie6update.com/ but has no Paypal donate button, and doesn't offer newcomers the reasons they should switch to something more modern. Maybe this is too utopian. But laughing does work, sometimes. Paul Tiemann (DigiCert) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com