Jack Varga wrote:
> >> So that's what I'm looking to do; force a new ClientHello
> >> using a cached session_id to a new fqdn. Actually,
> >> the new fqdn in the resumed session is the front
> >> end of a gated network. The ultimate destination is the
> >> same SSL server. Another way to think of it is I'm trying
> >> to force the resumed session to take a new route which
> >> is controlled via name resolution.
> >
> > The browser is able to do something like that when proxies are involved.
> > The browser is able to decouple the information about the SSL session from
> > the IP address of the proxy. But this happens only when it is aware of the
> > proxy.
>
> What type of proxy are you referring to? Topologically,
> where would the proxy have to be located, on the client's
> network or could it be anywhere in front of the ssl server?
A typical "forward" http proxy. It could be anywhere, as long as the
browser/client is configured to use that proxy, and thus is aware of it.
--
Nelson Bolyard Sun / Netscape Alliance
Disclaimer: I speak for myself, not for Netscape
