On Tue, 2012-11-20 at 00:53 +0900, Stephen J. Turnbull wrote: > Lindsay Haisley writes: > > > It's not unusual at all. From the point of view of DNS, there's no > > difference between a virtual domain and a real one. > > Actually, that's not true.
I re-read Thufir's question and realized that I misunderstood it. Yes, what he's trying to do is decidedly unusual. > A virtual domain also is not 100% reliable for SSL/TLS > services because basic TLS does its certificate exchange at a level > "below" the DNS, so deciding which virtual domain's certificate to > present is problematic (there is an extension to the protocol which > fixes this, but it's not 100% implemented, in particular IE on XP > still can't do it according to Wikipedia, which will kill you in Japan > where about 1/3 of business systems are still XP-based). Being a natural-born cheapskate, and running a _very_ small business, I don't even have a wildcard SSL cert signing for FMP's SSL web presence. Certificates for email SSL/TLS are self-signed by scripts which came with the mail server (Courier-MTA). Customers who want SSL pages get a URL under secure.fmp.com with a directory/symlink to their home directory, and a PHP snippet in the page to deflect non-SSL accesses to the secure URL. > This isn't particularly relevant to people who are just plain users of > the system, and I imagine to you it's all second-nature now, but the > OP sounds like he's a bit into do-it-yourself so he should be aware of > the limitations on doing tricky stuff based on a virtual domain. I've always been a bit non-conformist in my system administration practices, which hasn't always made things easy, but I've learned a lot. I've never tried anything such as it seems that Thufir is working with, though. -- Lindsay Haisley | "Fighting against human creativity is like FMP Computer Services | trying to eradicate dandelions" 512-259-1190 | http://www.fmp.com | -- Pamela Jones ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
