Re: browser vendors and CAs agreeing on high-assurance certificates

2006-01-06 Thread Ben Laurie
Bill Frantz wrote: On 12/24/05, [EMAIL PROTECTED] (Ben Laurie) wrote: I don't see why not - the technical details actually matter. Since the servers will all share a socket, on any normal architecture, they'll all have access to everyone's private keys. So, what is gained by having separate

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-27 Thread Ian G
Ben Laurie wrote: Ian G wrote: ... http://wiki.cacert.org/wiki/VhostTaskForce (The big problem of course is that you can use one cert to describe many domains only if they are the same administrative entity.) If they share an IP address (which they must, otherwise there's no problem),

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-27 Thread Ben Laurie
Eric Rescorla wrote: Ben Laurie [EMAIL PROTECTED] writes: And we need SSL v2 to die so it doesn't interfere with the above. Actually, you just disable it in the server. I don't see why we need anything more than that. The problem is that the ServerHostName extension that signals which

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-27 Thread Ben Laurie
Ian G wrote: Ben Laurie wrote: Ian G wrote: ... http://wiki.cacert.org/wiki/VhostTaskForce (The big problem of course is that you can use one cert to describe many domains only if they are the same administrative entity.) If they share an IP address (which they must, otherwise there's

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-27 Thread Ian G
Ben Laurie wrote: Ian G wrote: http://wiki.cacert.org/wiki/VhostTaskForce (The big problem of course is that you can use one cert to describe many domains only if they are the same administrative entity.) If they share an IP address (which they must, otherwise there's no problem), then

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-24 Thread Ben Laurie
Ian G wrote: BTW, illustrating points made here, the cert is for financialcryptography.com but your link was to www.financialcryptography.com. So of course Firefox generated a warning Indeed and even if that gets fixed we still have to contend with: * the blog software

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-24 Thread Ian G
Ben Laurie wrote: ... Hopefully over the next year, the webserver (Apache) will be capable of doing the TLS extension for sharing certs so then it will be reasonable to upgrade. In fact, I'm told (I'll dig up the reference) that there's an X509v3 extension that allows you to specify alternate

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-24 Thread Ben Laurie
Ian G wrote: Ben Laurie wrote: ... Hopefully over the next year, the webserver (Apache) will be capable of doing the TLS extension for sharing certs so then it will be reasonable to upgrade. In fact, I'm told (I'll dig up the reference) that there's an X509v3 extension that allows you to

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-24 Thread Anne Lynn Wheeler
Ben Laurie wrote: If they share an IP address (which they must, otherwise there's no problem), then they must share a webserver, which means they can share a cert, surely? this is a semantic nit ... certs are typically distributed openly and freely ... so potentially everybody in the world has

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-24 Thread Eric Rescorla
Ben Laurie [EMAIL PROTECTED] writes: Ian G wrote: Ben Laurie wrote: ... Hopefully over the next year, the webserver (Apache) will be capable of doing the TLS extension for sharing certs so then it will be reasonable to upgrade. In fact, I'm told (I'll dig up the reference) that there's

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-23 Thread leichter_jerrold
| | But is what they are doing wrong?
| |
| | The users? No, not really, in that given the extensive conditioning that
| | they've been subject to, they're doing the logical thing, which is not paying
| | any attention to certificates. That's why I've been taking the (apparently
| | somewhat

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-23 Thread Ian G
BTW, illustrating points made here, the cert is for financialcryptography.com but your link was to www.financialcryptography.com. So of course Firefox generated a warning Indeed and even if that gets fixed we still have to contend with: * the blog software can't handle the nature

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-21 Thread leichter_jerrold
| Imagine an E-commerce front end: Instead of little-guy.com buying a cert
| which you are supposed to trust, they go to e-commerce.com and pay for a
| link. Everyone trusts e-commerce.com and its cert. e-commerce provides a
| guarantee of some sort to customers who go through it, and

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-18 Thread leichter_jerrold
| 2) the vast majority of e-commerce sites did very few number of
| transactions each. this was the market segment involving e-commerce
| sites that aren't widely known and/or represents first time business. it
| is this market segment that is in the most need of trust establishment;
| however, it

Re: browser vendors and CAs agreeing on high-assurance certificates

2005-12-18 Thread Sidney Markowitz
On 12/19/05 9:54 AM, [EMAIL PROTECTED] wrote: Imagine an E-commerce front end: Instead of little-guy.com buying a cert which you are supposed to trust, they go to e-commerce.com and pay for a link. Everyone trusts e-commerce.com and its cert. e-commerce provides a guarantee of some sort to