[arin-ppml] Fairness of banning IPv4 allocations to some category of organization
Shumon Huque
shuque at isc.upenn.edu
Wed Oct 14 13:03:48 EDT 2009
On Sun, Oct 11, 2009 at 12:31:52PM -0400, William Herrin wrote:
>
> Https, for example, does not function properly without a different IP
> address for each hostname because the SSL certificate for the server
> name must be offered to the browser before the HTTP 1.1 server name is
> transmitted by the browser.

It's possible to support this, with more modern SSL/TLS implementations.
See the TLS "Server Name Indication" extension (RFC 4366, Section 3.1),
which a client can use to pass the server name during the TLS handshake.
Most modern browsers today already support this. Apache either already
supports it, or (last time I checked) had patches floating around.

Even without SNI, you can make this work with a single certificate with
multiple subjectAltName dnsname fields populated with the various server
names.

--Shumon.