* Patrick W. Gilmore:

>> Reality is that as soon as SSL web servers and SSL-capable web
>> browsers have support for name-based virtual hosts, the number of
>> IPv4 addresses required will drop. Right now, you need 1 IP
>> address for 1 SSL site; SNI spec of SSL gets rid of that.
>
> Agreed.
>
> When do you expect Windows XP & earlier versions to be a small enough
> segment of the userbase that businesses will consider DoS'ing those
> customers? My guess is when the cost of additional v4 addresses is
> higher than the profit generated by those customers.
>
> Put another way: Not until it is too late.
I'm not so sure. Name-based virtual hosting for plain HTTP was introduced when Windows NT 4.0 was still in wide use. It originally came with Internet Explorer 2.0, which did not send the Host: header in HTTP requests. Anyway, I think the TLS thing is a bit of a red herring. It might be a popular justification for IP space at the formal level, but real-world requirements are a bit more nuanced. FTP and SSH/SFTP do not support name-based virtual hosting, so if you're a web hoster and structured things around "one IPv4 address per customer", then there might be another obstacle to collapsing everything on a single IPv4 address. It's also difficult to attribute DoS attackers at sub-HTTP layers to a customer if everything is on a single IPv4 address, making mitigation a bit harder.
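The mechanism the thread is arguing about, shown concretely as an added example (not code from either poster): a server that hosts several TLS sites on one IPv4 address has to read the server_name extension out of the ClientHello before it can pick a certificate, and a client that sends no extension at all (the pre-SNI behaviour the quoted message attributes to Windows XP-era browsers) can only ever be answered with the default site's certificate. The ClientHello bytes below are constructed in the block itself, the host names a.example and b.example are made up, and the parser covers only the fields needed to reach the SNI extension.

```python
import struct
from typing import Optional, Sequence


def build_client_hello(server_name: Optional[str]) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello wrapped in a record header.

    This is not a real client: the random is all zeros and there is one
    cipher suite. With server_name=None the extensions block is omitted
    entirely, which is what a client without SNI support sends.
    """
    body = b"\x03\x03"                     # client_version: TLS 1.2
    body += b"\x00" * 32                   # random (constructed, zeros)
    body += b"\x00"                        # session_id length 0
    body += b"\x00\x02" + b"\xc0\x2f"      # one cipher suite
    body += b"\x01\x00"                    # compression: null only
    if server_name is not None:
        name = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        ext = b"\x00\x00" + struct.pack("!H", len(sni_list)) + sni_list
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from the ClientHello's SNI extension, or None.

    Malformed input raises ValueError instead of indexing blindly, since
    this runs on bytes from an unauthenticated peer.
    """
    try:
        if record[0] != 0x16:
            raise ValueError("not a TLS handshake record")
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:
            raise ValueError("not a ClientHello")
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) != hs_len:
            raise ValueError("truncated ClientHello")
        pos = 2 + 32                                   # version + random
        pos += 1 + body[pos]                           # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher suites
        pos += 1 + body[pos]                           # compression methods
        if pos == len(body):
            return None                                # no extensions at all
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype != 0x0000:                        # 0 = server_name
                continue
            list_len = struct.unpack("!H", edata[:2])[0]
            q = 2
            while q + 3 <= 2 + list_len:
                ntype = edata[q]
                nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                name = edata[q + 3:q + 3 + nlen]
                q += 3 + nlen
                if ntype == 0:                         # 0 = host_name
                    return name.decode("ascii")
        return None
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc


def select_vhost(record: bytes, vhosts: Sequence[str], default: str) -> str:
    """Pick which hosted site's certificate to present for this ClientHello.

    Unknown names and clients that sent no SNI both fall back to the
    default site, which is why every non-SNI client on a shared address
    sees the same certificate regardless of which site it wanted.
    """
    name = extract_sni(record)
    return name if name in vhosts else default


if __name__ == "__main__":
    sites = ["a.example", "b.example"]
    for wanted in ("b.example", None):
        hello = build_client_hello(wanted)
        print(wanted, "->", select_vhost(hello, sites, default="a.example"))
```

Running the block prints `b.example -> b.example` and `None -> a.example`; the second line is the name mismatch a pre-SNI client would see for the non-default site, which is the operational cost the thread is weighing against the cost of extra IPv4 addresses.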