Sunder <sunder@sunder.net> writes:

The worst trouble I've had with https is that you have no way to use host header names to differentiate between sites that require different SSL certificates.

i.e. www.foo.com www.bar.com www.baz.com can't all live on the same IP and have individual ssl certs for https. :( This is because the cert is exchanged before the http 1.1 layer can say "I want www.bar.com"

So you need to waste IP's for this. Since the browser standards are already in place, it's unlikely to be to find a workaround. i.e. be able to switch to a different virtual host after you've established the ssl session. :( This is being fixed. See draft-ietf-tls-extensions-06.txt

-Ekr -- [Eric Rescorla ekr@rtfm.com] http://www.rtfm.com/