On Mon, Sep 02, 2002 at 02:22:52PM -0300, Henrique de Moraes Holschuh wrote:
> > I would think most places want their own cert and not to share with
> > other, probably totally unrelated, people.
>
> For that, you need a specification that allows you to send a number of certs
> (instead of only one) and let the browser select the one that matches the
> domain it wants, and verify that single one.

I don't think that scales sufficiently well. Some sites have *thousands* of virtual domains. Sending all those certificates for every https request would be expensive. If you're going to tinker with the specification anyway, I would suggest one where the client states up front whose certificate it wants.

Richard Braakman
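The TLS server_name extension (SNI), standardised after this message, works the way the reply suggests: the client names the host in its first handshake message and the server sends only the matching certificate. The sketch below is an added example, not part of the original post; the host names, certificate file names, sample bytes and function names are constructed for illustration.

```python
import struct

def build_server_name_ext(hostname):
    """Encode a server_name extension (type 0) with one host_name entry."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
    body = struct.pack("!H", len(entry)) + entry           # server_name_list
    return struct.pack("!HH", 0, len(body)) + body         # ext type, ext length

def requested_host(extensions):
    """Walk a ClientHello extensions block; return the requested host or None."""
    pos = 0
    while pos + 4 <= len(extensions):
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        pos += 4
        body = extensions[pos:pos + ext_len]
        if len(body) != ext_len:
            return None                  # truncated extension: reject
        pos += ext_len
        if ext_type != 0:
            continue                     # not server_name, skip it
        if ext_len < 5:
            return None
        list_len, name_type, name_len = struct.unpack_from("!HBH", body, 0)
        name = body[5:5 + name_len]
        if list_len != ext_len - 2 or name_type != 0 or len(name) != name_len:
            return None                  # inconsistent lengths: reject
        try:
            return name.decode("ascii").lower()
        except UnicodeDecodeError:
            return None
    return None

def select_certificate(extensions, cert_store, default):
    """One lookup per handshake, however many virtual domains are hosted."""
    return cert_store.get(requested_host(extensions), default)

# Constructed sample data: a server hosting several unrelated virtual domains.
CERT_STORE = {"shop.example": "shop.example.pem",
              "blog.example": "blog.example.pem",
              "mail.example": "mail.example.pem"}
DEFAULT_CERT = "default.pem"
# Constructed extensions block: one unrelated extension, then server_name.
CLIENT_EXTS = (struct.pack("!HH", 0x1234, 2) + b"\xaa\xbb"
               + build_server_name_ext("Shop.Example"))

if __name__ == "__main__":
    print(select_certificate(CLIENT_EXTS, CERT_STORE, DEFAULT_CERT))
```

Malformed or missing names fall back to the default certificate rather than raising, so a client that sends no name still gets a handshake, just with a certificate that may not match.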