An attack on paypal
Eric Rescorla
ekr at rtfm.com
Wed Jun 11 09:51:12 PDT 2003
Sunder <sunder at sunder.net> writes:
> The worst trouble I've had with https is that you have no way to use host
> header names to differentiate between sites that require different SSL
> certificates.
>
> i.e. www.foo.com www.bar.com www.baz.com can't all live on the same IP and
> have individual ssl certs for https. :( This is because the cert is
> exchanged before the http 1.1 layer can say "I want www.bar.com"
>
> So you need to waste IP's for this. Since the browser standards are
> already in place, it's unlikely to be to find a workaround. i.e. be able
> to switch to a different virtual host after you've established the ssl
> session. :(
This is being fixed. See draft-ietf-tls-extensions-06.txt
-Ekr
--
[Eric Rescorla ekr at rtfm.com]
http://www.rtfm.com/
More information about the cypherpunks-legacy
mailing list