On 12/3/2008 7:08 AM, John Levine wrote:
>>> Why can't I buy one SSL cert and put it onto as many sites as I like?
>> Because each site has a unique DNS entry. I don't think a system that
>> requires a DNS entry for every message you send would work very well.
> I am straining to imagine why you would say this. Seriously. I'm
> mildly boggled. So forgive me if my response misses your point:
> Uh, Barry, that's how SSL certs on web sites work. Every web site has
> a DNS entry, the name in the cert has to match the name in the DNS
> that a www client uses to find the site.
You need one cert for each web host, not one cert for each page on the web host.
If a single box answers to multiple hostnames, it needs a cert for each name to
which it responds; it does not need a separate cert for each page on each
virtual host. You can buy multiple copies of a single SSL cert so that you can
legally put the same cert on multiple boxes.
Go back to the analogy of the postage meter. When you buy/rent a postage meter,
the meter is assigned a unique ID number which is printed on each envelope
processed through the meter. The ID number is unique to the meter, not to each
envelope; the epostage signature would be unique to the epostage cert purchased
by the sending domain, not to each message sent from the domain. Presumably, a
site could purchase multiple copies of a single epostage cert, so that messages
from multiple MTAs would carry the same epostage signature.
I see some conceptual similarities between this epostage proposal and DKIM.
--
Paul Russell, Senior Systems Administrator
OIT Messaging Services Team
University of Notre Dame
prussell(_at_)nd(_dot_)edu
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
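An added illustration, not part of the thread, of the per-domain rather than per-message model Paul describes: one signing key held by all of a domain's MTAs, one public key a receiver fetches by (selector, domain), many messages. It is a simplified DKIM-like sketch using Ed25519 (real DKIM canonicalises headers per RFC 6376); the domain, selector and messages are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// DomainKey models the single signing key a sending domain holds; DKIM publishes
// the public half under <selector>._domainkey.<domain> in DNS. Constructed model.
type DomainKey struct {
	Domain, Selector string
	Pub              ed25519.PublicKey
	priv             ed25519.PrivateKey
}

func NewDomainKey(domain, selector string) DomainKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return DomainKey{Domain: domain, Selector: selector, Pub: pub, priv: priv}
}

// canonical is the byte string that gets signed; binding domain and selector into
// it stops a signature from being re-attributed to another domain.
func canonical(domain, selector, headers, body string) []byte {
	return []byte(fmt.Sprintf("d=%s;s=%s\r\n%s\r\n\r\n%s", domain, selector, headers, body))
}

// Sign is done per message by whichever MTA holds the domain key.
func (k DomainKey) Sign(headers, body string) []byte {
	return ed25519.Sign(k.priv, canonical(k.Domain, k.Selector, headers, body))
}

// Verify is the receiver's side: one key, looked up once, checks any message.
func Verify(pub ed25519.PublicKey, domain, selector, headers, body string, sig []byte) bool {
	return ed25519.Verify(pub, canonical(domain, selector, headers, body), sig)
}

func main() {
	key := NewDomainKey("example.com", "mta2008") // shared by every MTA of the domain
	dns := map[string]ed25519.PublicKey{"mta2008._domainkey.example.com": key.Pub}
	msgs := []struct{ hdr, body string }{
		{"From: alice@example.com\r\nSubject: one", "sent via MTA 1"},
		{"From: bob@example.com\r\nSubject: two", "sent via MTA 2"},
	}
	pub := dns["mta2008._domainkey.example.com"] // one lookup serves all messages
	for _, m := range msgs {
		sig := key.Sign(m.hdr, m.body)
		fmt.Println("ok:", Verify(pub, "example.com", "mta2008", m.hdr, m.body, sig),
			"tampered:", Verify(pub, "example.com", "mta2008", m.hdr, m.body+"!", sig))
	}
}
```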