-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Norman Rasmussen wrote: > Don't forget option #3: > > Just like HTTPS, each hostname/certificate has to have it's own IP > address - this is so that we can tell which certificate to present > based on the IP the client has just connected to.
In current TLS, client gives the host it is trying to connect, BEFORE negociating crypto. So if you are using a modern webserver and a modern browser, you can share the IP. I just don't remember if this feature is present in TLS 1.0 or in the current draft for next revision. - -- Jesus Cea Avion _/_/ _/_/_/ _/_/_/ [EMAIL PROTECTED] http://www.argo.es/~jcea/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ _/_/_/_/_/ PGP Key Available at KeyServ _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRAd6X5lgi5GaxT1NAQJc2QQAlsXsEUB4jxqUW7/A1MCKUdeR/g+hkl7f WKgxNyoZ1gmMuJHlUfbFX/J9LV7H9807KgewnkjQT30YLj1NIitsMI1hXw/+QsuN hADOfPTd8Y1aRlSDNRglJ4QEgWAd9Mrcag1C/OACTxCpK1OL4pvQNM7zWfCRWxVM 45Mygv3h/ZA= =kUYw -----END PGP SIGNATURE-----
