On Sat, Nov 15, 2008 at 03:21, Jeff Sadowski <[EMAIL PROTECTED]> wrote:
>
> I think I just came up with a clever solution. However web browsers
> will have to support srv records
> the problem with virtual hosts is that you can have only one ssl
> certificate per port (443)
> because ssl requires it encrypted before it sends any other information.
> A solution is to run a different key on different ports thus it could
> distinguish via port what key to encrypt with
> https://onedomain.com:443
> https://twodomain.com:444
>
> by default a web browser goes to port 443 for https
> Now if a web browser followed the rules of srv records you could tell
> the web browser to go to a different port using srv records
>
> _https._tcp.onedomain.com SRV 443
> _https._tcp.twodomain.com SRV 444
>
> then again if the web browser follows SRV records it should
> automatically go to the right port for ssl and you can have an ssl
> connection to a virtual host each host with its own certificate.

Yes, the idea is good... I've found several Internet Drafts about this topic, but none of them has been released as an RFC so far:

http://tools.ietf.org/html/draft-andrews-http-srv-01
http://tools.ietf.org/html/draft-jennings-http-srv-00

I'm not sure if any currently available browser supports this, but I suppose none does. Maybe if it became an RFC, you might get the Mozilla folks interested in this :)

--
Patryk Szczygłowski
[EMAIL PROTECTED]
JID/mail: [EMAIL PROTECTED]
P. J. O'Rourke - "Never wear anything that panics the cat."
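
The client-side port selection proposed in this thread, as an added example that is not part of the original messages or of either Internet Draft. The zone data, the target names and the function names `pick_srv` and `resolve_https` are constructed for illustration, and checking the certificate against the URL host rather than the SRV target is a choice made in this example.

```python
import random
from urllib.parse import urlsplit

# Constructed zone data: owner name -> [(priority, weight, port, target)].
# The thread's shorthand ("SRV 443") gives only the port; the priorities,
# weights and target names below are assumptions made for this example.
SAMPLE_SRV = {
    "_https._tcp.onedomain.com": [(0, 0, 443, "web.example.net.")],
    "_https._tcp.twodomain.com": [(0, 0, 444, "web.example.net.")],
    "_https._tcp.multi.example": [(10, 0, 8443, "backup.example.net."),
                                  (0, 1, 444, "a.example.net."),
                                  (0, 3, 445, "b.example.net.")],
}

def pick_srv(records, rng=random):
    """Lowest priority wins; ties are broken by weighted random choice."""
    best = min(r[0] for r in records)
    group = [r for r in records if r[0] == best]
    weights = [r[1] for r in group]
    if sum(weights) == 0:              # all weights zero: plain random pick
        return rng.choice(group)
    return rng.choices(group, weights=weights, k=1)[0]

def resolve_https(url, srv=SAMPLE_SRV, rng=random):
    """Return (connect_host, port, name_to_verify_in_certificate)."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme != "https" or not host:
        raise ValueError("expected an https:// URL")
    if parts.port is not None:         # explicit port in the URL: no SRV lookup
        return host, parts.port, host
    records = srv.get(f"_https._tcp.{host}", [])
    if not records:                    # no SRV record: default port 443
        return host, 443, host
    if len(records) == 1 and records[0][3] == ".":
        raise LookupError(f"{host} publishes no https service")
    _prio, _weight, port, target = pick_srv(records, rng)
    # The SRV answer is unauthenticated DNS data, so the certificate is still
    # checked against the host from the URL, never against the SRV target.
    return target.rstrip("."), port, host

if __name__ == "__main__":
    for u in ("https://onedomain.com/", "https://twodomain.com/",
              "https://nosrv.example/"):
        print(u, "->", resolve_https(u))
```
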
