On Thu, Oct 9, 2008 at 5:59 AM, Ian G <[EMAIL PROTECTED]> wrote:
>
>> As we all know, this will not be in 2.2.10... Please recall that
>> things must be in -trunk before being viable for backport to 2.2.x.
>
> It's impossible to even express how disappointing this is ;(
>
> There are only two changes in TLS on the server side that have been
> identified to have any effect on phishing [1]. TLS/SNI is the easy one.

What's the effect beyond making mass-vhosting easier?

> A httpd fix will almost work by itself; the browsers already did
> their part [2]. Only the config changes implemented by all here are
> needed on the web server to turn the LAMPs on in a million small but
> secured sites.

There's still the issue of certificates and CPU time.

> What are the blockages? Mozo have offered money but don't know what
> to do or who to talk to?

Review has been public. Nobody's opposed to SNI in the webserver, but
AIUI the patch that implements it seems to have a troubled history
with respect to integrating with all the per-directory quirks of SSL
renegotiation in mod_ssl.

IMO the merits of SNI aren't the operative argument.

--
Eric Covener
[EMAIL PROTECTED]