On Fri, Jun 02, 2017 at 08:03:40AM -0400, Ryan Sleevi wrote:
> > If a web service hoster does not provide any useful demultiplexer then it
> > can of course not expect not to get blacklisted across services. Is it not
> > already common practice to assign separate certificates to separate
> > "web customers" ?
>
> No. It's typically the opposite.

Thanks.

Btw: does TLS 1.3 mandate server side cert encryption or is this something
server apps can decide?

Just because shared web services may not yet leverage the ability to use
certs to authenticate network connections well doesn't mean that that option
should not be given to apps. And it would be sad if one would have to revert
to older protocol options to have that functionality.

Another candidate use case coming to mind, e.g.: auditing that is required in
many, e.g., financial environments. In the past I have seen even the
requirement for the whole data streams to be unencrypted for auditing. Maybe
that market segment would also be able to get more privacy but maintain a
relevant level of auditing if the auditing relevant class of information was
visible via the cert.

Cheers
    Toerless

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls