On Wednesday, March 07, 2007 04:23:20 PM -0800 "Hallam-Baker, Phillip"
We do need to revise the architecture description. Using IP addresses as
You keep using that word. I do not think it means what you think it means.
Another instance that hit me today is the
fact that existing SSL implementations use the server IPv4 address to
select which server certificate to present to a client.
No; existing SSL server implementations assume that only one certificate is
relevant for any given transport endpoint. Which, for the vast majority of
uses, would not be that big a deal except that a certain vendor which
dominates the well-known-CA market(*) sees a revenue opportunity in
wildcard certificates, much as ISP's see a revenue opportunity in
residential customers who need multiple non-NAT'd addresses.
(*) To be fair, pretty much _every_ vendor does this.
Ietf mailing list