On Sat, May 07, 2016 at 12:46:32PM -0400, Kent Borg wrote:
> On 05/07/2016 08:25 AM, Matthew Gillen wrote:
> >On 5/4/2016 5:37 PM, Kent Borg wrote:
> >>-kb, the Kent who admits he doesn't know how https works through Akamai
> >>and the like.
> >It doesn't. Akamai is a TLS termination point. They have the private
> >keys of any domain they are proxying for, so they can act as the TLS
> >endpoint.
>
> But TLS can work through a more prosaic proxy, which could do load balancing
> and failover stuff. I guess a boring proxy can't serve up cached content
> from nearby locations, it has to pass it on encrypted to a machine with the
> right certificate. But it could pass it on wisely and cleverly, couldn't
> it? I guess it couldn't do DDoS defense and give each client dedicated IP
> addresses, at least not IPv4 addresses. (In a few weeks Apple Store is
> going to require iOS apps work on IPv6-only networks.)

x509 certs don't care about IPs; the browser matches the cert's CN (Common
Name) against the domain name it was requesting.

-dsr-
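
The name check described in the reply above, as an added example that is not part of the original thread: the certificate is compared with the hostname the client requested, and the peer's IP address plays no part. It goes slightly beyond the message by checking subjectAltName DNS entries first, which current browsers rely on, with CN as the legacy fallback; the function names and sample certificates are constructed for illustration.

```python
# Added illustration: hostname matching against a certificate, using the dict
# shape returned by ssl.SSLSocket.getpeercert(). Sample certs are constructed.

def _name_match(pattern: str, host: str) -> bool:
    """Match one DNS name; '*' is allowed only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # require at least two fixed labels so "*.com" cannot match anything
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches(cert: dict, requested_host: str, peer_ip: str) -> bool:
    """Return True if the cert is valid for the name the client asked for.

    peer_ip is accepted only to show that it is never consulted.
    """
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        # SAN dNSName entries take precedence; CN is ignored when they exist
        return any(_name_match(n, requested_host) for n in dns_names)
    # Legacy fallback: Common Name from the subject
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _name_match(value, requested_host):
                return True
    return False


# Constructed sample certificates (not taken from any real site)
CN_ONLY = {"subject": ((("commonName", "www.example.org"),),)}
WITH_SAN = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "*.example.org"), ("DNS", "example.org")),
}
```
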
