
Re: [TLS] [certid] [secdir] secdir review of draft-saintandre-tls-server-id-check-09

2010-09-24 10:52:48
On 09/23/2010 01:10 PM, Richard L. Barnes wrote:
There is no black magic here, only the magic of the TLS server_name
extension. If the client provides server_name=gmail.com, the server
provides a gmail.com cert, otherwise it defaults to mail.google.com.
 Your browser is following two secure delegations before it lands at
 www.google.com (gmail.com -> mail.google.com -> www.google.com).

I'd not even considered SNI.

My guess based on the anecdotes in the thread is that IE8 doesn't
support it.

Not IE8, but the pre-Vista Windows I was testing it on that doesn't do
extensions by default.

Which is why I'd not considered that gmail would depend on SNI for
its operation. I'd forgotten that this is Google we were talking about and not any other company in the world that would put support for MSIE on Windows XP ahead of protocol standards. :-)

(You should also be more careful about your HTTP emulation! "A client MUST include a Host header field in all HTTP/1.1 request messages.")

Yep, that's why I requested HTTP/1.0.

- Marsh
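The server_name selection Richard describes (server_name=gmail.com gets the gmail.com certificate, anything else gets the mail.google.com default) can be seen end to end with a small offline demo. The following is an added example, not code from the thread or from Google: it builds a minimal TLS 1.2 ClientHello by hand, walks the record, handshake and extension framing to pull out the SNI host_name, and then picks a certificate from a hypothetical table the way the server in the thread does. The certificate subjects are constructed placeholders; the zeroed client random and single cipher suite are only there to keep the hello valid for parsing.

```python
import struct

# Hypothetical certificate table, constructed for this example: the server
# answers server_name=gmail.com with a gmail.com cert and falls back to the
# mail.google.com cert for every other (or absent) server_name.
CERT_BY_SNI = {"gmail.com": "CN=gmail.com (constructed)"}
DEFAULT_CERT = "CN=mail.google.com (constructed)"


def build_client_hello(server_name=None):
    """Build a minimal TLS 1.2 ClientHello record, optionally carrying SNI.
    A client that sends no extensions at all (like the pre-Vista Windows
    stack mentioned in the thread) is modelled by server_name=None."""
    body = b"\x03\x03" + bytes(32)          # client_version + zeroed random
    body += b"\x00"                           # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"  # one cipher suite
    body += b"\x01\x00"                       # one compression method: null
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type host_name
        name_list = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", 0, len(name_list)) + name_list  # type 0 = server_name
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _need(buf, pos, n):
    # Refuse to read past the end of a truncated or malformed message.
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")


def parse_sni(record):
    """Return the host_name from the server_name extension, or None when the
    ClientHello carries no SNI. Raises ValueError on malformed input."""
    _need(record, 0, 5)
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    _need(record, 5, rec_len)
    hs = record[5:5 + rec_len]
    _need(hs, 0, 4)
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    _need(hs, 4, hs_len)
    body = hs[4:4 + hs_len]

    pos = 2 + 32                                  # skip client_version and random
    _need(body, pos, 1)
    pos += 1 + body[pos]                          # session_id
    _need(body, pos, 2)
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    _need(body, pos, 1)
    pos += 1 + body[pos]                          # compression_methods
    if pos >= len(body):
        return None                               # no extensions block at all
    _need(body, pos, 2)
    ext_total = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    _need(body, pos, ext_total)
    while pos + 4 <= end:
        ext_type, ext_size = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        _need(body, pos, ext_size)
        data = body[pos:pos + ext_size]
        pos += ext_size
        if ext_type != 0:
            continue                              # not server_name
        _need(data, 0, 2)
        list_len = struct.unpack("!H", data[0:2])[0]
        p = 2
        while p + 3 <= 2 + list_len:
            name_type = data[p]
            name_len = struct.unpack("!H", data[p + 1:p + 3])[0]
            p += 3
            _need(data, p, name_len)
            name = data[p:p + name_len]
            p += name_len
            if name_type == 0:                    # host_name
                return name.decode("ascii")
    return None


def select_certificate(record):
    """Pick the certificate the way the thread describes: match on SNI,
    otherwise serve the mail.google.com default."""
    return CERT_BY_SNI.get(parse_sni(record), DEFAULT_CERT)


if __name__ == "__main__":
    for sni in ("gmail.com", "www.google.com", None):
        print(f"server_name={sni!r:18} -> {select_certificate(build_client_hello(sni))}")
```

Running it shows why a client that sends no extensions ends up looking at a mail.google.com certificate even though it asked the user for gmail.com: with no server_name to match on, the selection falls through to the default, and it is then the client's reference-identity check (the subject of the draft under review) that has to notice the mismatch.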
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf