James Fidell wrote:
> Simon Waters wrote:
>
>> You need an IP address per certificate, as the certificate is the first
>> thing sent down the line when an https connection is made. This is a sad
>> hangover from the days before name based virtual hosting, and why we
>> still get away with charging extra if you want hosting with its own IP
>> address.
>
> It's also possible to use a different port on the same IP address for
> different SSL-enabled sites -- the important bit is that the webserver
> can uniquely identify which site a client is connecting to (in order to
> correctly process the request) when it isn't in a position to decrypt
> the request itself.

Indeed, but in a world of corporate firewalls you don't want to be forcing use of non-standard ports, especially on the bit that collects your income.

> I can't think of any other way to achieve that without exposing some of
> the request details, which is what HTTPS is trying to avoid in the first
> place.

I'm sure name based virtual hosting with encryption is perfectly easy, just as TLS does it for SMTP. The problem is changing all the browsers already deployed, in such a way that people trust it.

Basically means convincing Microsoft; on the upside, whoever does it first could make a mint in certificate revenues, so it is kind of surprising that Microsoft haven't. Someone asleep at the bridge?

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html