On Fri, Jun 2, 2017 at 6:31 AM, Toerless Eckert <t...@cs.fau.de> wrote:
> On Fri, Jun 02, 2017 at 01:16:01PM +0300, Richard Barnes wrote:
> > Operators trying to do this by inspecting TLS (and not decrypting) are
> > going to have a bad time anyway. With HTTP/2 connection coalescing, even
> > if they can see the certificate, the actual HTTP request could be for any
> > name in the certificate. So there's nothing really gained by exposing the
> > certificate.
>
> If a web service hoster does not provide any useful demultiplexer then it
> can of course not expect not to get blacklisted across services. Is it not
> already common practice to assign separate certificates to separate
> "web customers"?

No. It's typically the opposite.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls