One thing to keep mind, Enrico, is that SSL was developed to be application independent. Secure Socket Layer versus Secure HTTP Layer. Some of the things you slam the IETF and others who have done good work on are contrary to the fundamental intent for SSL/TLS. It works well for securing LDAP sockets, telnet sockets, and any client-server tcp socket I choose to code. You are fully aware that a socket consists of an IP and port. SSL/TLS seeks to secure that connection (PERIOD). Being wishy-washy about what socket to secure is not a consistent requirement for this protocol.
"The primary goal of the SSL Protocol is to provide privacy and reliability between two communicating applications." (SSLv3 Draft) Notice it what that does NOT say (HTTP, apache, browser...). You have attacked a flexible, application independent, point to point protocol for some application-specific flexibility need. RFC2616 addresses (whether you like it or not) YOUR application-specific need. regards, tt 317-510-5987 -----Original Message----- From: Enrico Weigelt [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 22, 2004 9:41 AM To: [email protected] Subject: Re: SSL + name based virtual hosting * Sander Temme <[EMAIL PROTECTED]> wrote: > On Dec 18, 2004, at 12:19 AM, Enrico Weigelt wrote: > > >What fools are sitting there in the IETF ?! > > Fools that are highly aware of the hundreds of millions of web browser > installations out there that know nothing but the standard versions of > SSL/TLS and whose users cannot be forced to upgrade. Why wasn't it in already the first version ? We dont live in a time where evryone has IP addresses of each coffee pot ... cu -- --------------------------------------------------------------------- Enrico Weigelt == metux IT service phone: +49 36207 519931 www: http://www.metux.de/ fax: +49 36207 519932 email: [EMAIL PROTECTED] cellphone: +49 174 7066481 --------------------------------------------------------------------- -- DSL ab 0 Euro. -- statische IP -- UUCP -- Hosting -- Webshops -- ---------------------------------------------------------------------
