Re: ARIN Policy on IP-based Web Hosting

[Bill Fumerola <billf () chimesnet com>]

On Tue, Aug 29, 2000 at 06:43:30PM -0400, jlewis () lewis org wrote:

> Unless something's changed recently, SSL still requires IP based virtual
> hosting.  Here's a clipping from the c2.net Stronghold FAQ:
>
>   Should I use name-based or IP-based virtual hosts? 
>                        
>   Name-based virtual hosts do not work with SSL because certificates are
>   sent before server names are established. Secure virtual hosts must be
>   either IP-based or port-based. IP-based virtual hosts are more
>   convenient, as users would have to remember the port numbers for
>   port-based virtual hosts.

Nothing has changed. There still is a chicken/egg relationship with trying
to do namebased virtual hosts with SSL.

You have to know which certificate to present based on the name...
and
... you don't know the name until the certificate exchange is complete.

Speaking as a application provider who _has_ to have independent sites
running SSL per customer, I still need a 1:1 relationship with IP and
hosts.

ARIN need to take a hit off the clue-pipe before coming down with
such a far-right policy.

-- 
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
                billf () chimesnet com / billf () FreeBSD org