On Apr 25, 2013, at 9:27 PM, Patrick W. Gilmore <patr...@ianai.net> wrote:
> On Apr 26, 2013, at 00:19 , joel jaeggli <joe...@bogus.com> wrote:
>> On 4/25/13 6:24 PM, Jay Ashworth wrote:
>
>>> Ok, here's a stupid question[1], which I'd know the answer to if I ran
>>> bigger networks:
>>>
>>> Does anyone know how much IPv4 space is allocated *specifically* to cater
>>> to the fact that HTTPS requires a dedicated IP per DNS name?
>> It doesn't, or doesn't if your clients are not stuck in the past.
>>
>> TLS SNI has existed for a rather long time.
>>> Is that a statistically significant percentage of all the IPs in use?
>>>
>>> Wasn't there something going on to make HTTPS IP muxable? How's that
>>> coming?
>> there are stubborn legacy hosts.
>>> How fast could it be deployed?
>> you can use it now.
>
> Sure, you "can".
>
> But no one will. No one (especially someone doing SSL content) wants 99%
> connectivity. And there's a lot more than 1% XP out there. (Hrm, that
> explanation works to explain why to a couple decimal places 0% of the
> Internet is on v6 only today.)

Just to give some numbers, in case anyone is interested - we have been
passively monitoring SSL traffic of ~300k users for more than a year
(project description at http://notary.icsi.berkeley.edu).

All in all, we see about 71% of the connections on port 443 using SNI. And
the only site I am aware of that uses SNI quite extensively is Google -
their servers give different certificates to clients that do not support
SNI and clients that support it.

Bernhard