From: "David Schwartz" <[EMAIL PROTECTED]>
davids> > TLS doesn't support name-based virtual servers either.
davids>
davids> Someone needs to yell at the TLS working group! A
davids> chance to 'automatically' add support for name-based virtual
davids> hosts to all protocols layered on top of TLS is too good to
davids> give up. It would take decades to add that support to each
davids> protocol individually.
I'm not sure that's the right way to go, for a very simple reason: if
that were done, you'd need to either add some kind of TLS
recognition mode in all servers, and that will be tricky, especially
for those protocols that are already binary in nature, or the number
of required ports will double instantly, since the other logical
alternative is to have separate ports for the protocols over TLS, and
with the growing amount of services, there will be a shortage of
ports, if we aren't there already.
This is why upgrading to TLS within the original protocol is a better
idea, as stated in RFC2817, among others. After all, it wouldn't be
that difficult to write a small routine library that deals with this
kind of upgrade, or so I imagine...
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
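The two mechanisms Levitte contrasts above, a "TLS recognition mode" that sniffs the first bytes of a connection and an RFC 2817 in-protocol upgrade, as an added Python example that is not part of the original mail or of OpenSSL. The sample byte strings are constructed for the example; the ClientHello check is a heuristic (TLS record header 0x16 0x03 0xNN followed by handshake type 0x01, or an SSLv2-style header with the high bit of the length set), and the upgrade parser accepts any "TLS/1.x" token, which is slightly more general than the literal "TLS/1.0" in RFC 2817. The COLLIDING_BINARY sample is constructed to show the weakness Levitte points at: a binary protocol that happens to start with the same bytes is misclassified as TLS.

```python
# Constructed sample first-bytes of incoming connections (not from the original mail).
# TLS 1.0 ClientHello record: content type 0x16 (handshake), version 3.1,
# 16-bit record length, then handshake type 0x01 (client_hello).
TLS_CLIENT_HELLO = bytes.fromhex("160301002f010000002b0301")
# SSLv2-compatible ClientHello: 15-bit length with the high bit set,
# msg type 0x01, then the offered version (3.1).
SSLV2_CLIENT_HELLO = bytes.fromhex("802e010301")
HTTP_PLAIN = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SMTP_PLAIN = b"EHLO mail.example.com\r\n"
# A binary protocol whose first byte is 0x16 but which is not TLS.
BINARY_PROTO = bytes([0x16, 0x00, 0x00, 0x01, 0x05])
# Constructed collision: a binary protocol whose first six bytes look exactly
# like a TLS ClientHello. The heuristic below cannot tell it apart.
COLLIDING_BINARY = bytes.fromhex("160301000501")


def looks_like_tls_client_hello(data: bytes) -> bool:
    """Heuristic 'TLS recognition mode': decide from the first bytes whether a
    connection opens with an SSL/TLS handshake or with the plaintext protocol.
    Binary protocols may collide with the TLS record header, which is the
    difficulty raised in the mail."""
    # TLS/SSLv3 record: type 0x16, major version 3, minor 0..3, non-empty record,
    # first handshake byte is client_hello (0x01).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x03:
        rec_len = int.from_bytes(data[3:5], "big")
        return rec_len > 0 and data[5] == 0x01
    # SSLv2 record: high bit of the first byte set, 15-bit length, msg type 0x01,
    # followed by a version whose major byte is 0 (SSLv2) or 3 (SSLv3/TLS).
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        return rec_len > 0 and data[3] in (0x00, 0x03)
    return False


def upgrade_request(host: str) -> bytes:
    """Client side of an RFC 2817 upgrade: ask to switch the current
    connection to TLS before sending anything sensitive."""
    return (
        b"OPTIONS * HTTP/1.1\r\n"
        b"Host: " + host.encode("ascii") + b"\r\n"
        b"Upgrade: TLS/1.0\r\n"
        b"Connection: Upgrade\r\n\r\n"
    )


def upgrade_response() -> bytes:
    """Server side of an RFC 2817 upgrade: after this response both ends start
    the TLS handshake on the same TCP connection (no second port needed)."""
    return (
        b"HTTP/1.1 101 Switching Protocols\r\n"
        b"Connection: Upgrade\r\n"
        b"Upgrade: TLS/1.0, HTTP/1.1\r\n\r\n"
    )


def rfc2817_upgrade_requested(request_head: bytes) -> bool:
    """Return True if an HTTP/1.1 request head asks for a TLS upgrade:
    a 'TLS/1.x' token in Upgrade plus the 'Upgrade' token in Connection.
    Header names and tokens are compared case-insensitively; comma-separated
    lists and repeated headers are allowed. Accepting TLS/1.x rather than only
    TLS/1.0 is a generalization of RFC 2817 made for this example."""
    text = request_head.decode("iso-8859-1")
    head, _, _ = text.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())

    def tokens(name: str):
        out = []
        for value in headers.get(name, []):
            out.extend(t.strip().lower() for t in value.split(",") if t.strip())
        return out

    return "upgrade" in tokens("connection") and any(
        t.startswith("tls/1.") for t in tokens("upgrade")
    )


if __name__ == "__main__":
    for label, sample in [("TLS", TLS_CLIENT_HELLO), ("SSLv2", SSLV2_CLIENT_HELLO),
                          ("HTTP", HTTP_PLAIN), ("SMTP", SMTP_PLAIN),
                          ("binary", BINARY_PROTO), ("collision", COLLIDING_BINARY)]:
        print(f"{label:9s} -> tls={looks_like_tls_client_hello(sample)}")
    print("upgrade requested:", rfc2817_upgrade_requested(upgrade_request("www.example.com")))
```

The sniffing approach works for text protocols like HTTP and SMTP because their first byte is printable ASCII and 0x16 is not, but the constructed collision shows why it is fragile for binary protocols. The RFC 2817 path avoids the ambiguity altogether: the plaintext protocol itself says when TLS starts, and the server needs no second port.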