[EMAIL PROTECTED] wrote:

------------------------------------------------------------------------

May I use this occasion to ask if there's still a chance of getting a
backport of SNI accepted for 2.2.x?


For me, +1. For the LAMPs guys, +1m. For the phishing victims, +10m.

Ok, the numbers are fingers in the air, but the essence is right. We need to move much, much more http services into secured sites, and the *only* efficient way to do this is via TLS/SNI.

Thanks for good work so far!

If, on the other hand, people think that SNI isn't important enough for
2.2.x, then I'd be glad to hear that as well (it doesn't make sense to
repeatedly nag the list about that topic, I think).


It is IMHO the most important change in the last 10 years. It makes TLS in Apache's HTTPD product work like virtual hosts. It means all those LAMPs guys that share servers can now use TLS to provide site authentication.

It is the only issue in TLS that contributes to an active, dynamic attacker. The losses to direct phishing (lack of proper site authentication) were around a billion, and the same attacker is now doing around 3 billion a year.

Also, see the current DNS issues. We can't do routine boring LAMPs-level end-to-end authentication of the site without TLS/SNI. (So we don't.)

iang
