In message <200306111913.h5BJDPV1004648@gungnir.fnal.gov>, "Matt Crawford" writ es:
The worst trouble I've had with https is that you have no way to use host header names to differentiate between sites that require different SSL certificates.
True as written, but Netscrape ind Internet Exploder each have a hack for honoring the same cert for multiple server names. Opera seems to honor at least one of the two hacks, and a cert can incorporate both at once.
/C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services /CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov /CN=bravo.fnal.gov/CN=charlie.fnal.gov
You can also use *.fnal.gov --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
You can also use *.fnal.gov
Yes, we know, but our in-house CA operator (me) won't issue such a certificate. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
participants (2)
-
Matt Crawford -
Steven M. Bellovin