On Fri, Jun 2, 2017 at 6:28 AM, Toerless Eckert <t...@cs.fau.de> wrote:
> On Fri, Jun 02, 2017 at 08:03:40AM -0400, Ryan Sleevi wrote:
> > > If a web service hoster does not provide any useful demultiplexer then it
> > > can of course not expect not to get blacklisted across services. Is it
> > > not already common practice to assign separate certificates to separate
> > > "web customers" ?
> >
> > No. It's typically the opposite.
>
> Thanks.
>
> Btw: does TLS 1.3 mandate server side cert encryption or is this something
> server apps can decide ?

It mandates it.

> Just because shared web services may not yet leverage the ability to
> use certs to authenticate network connections well doesn't mean that that
> option should not be given to apps. And it would be sad if one would have
> to revert to older protocol options to have that functionality.

That functionality is illusory even now, because they are unable to determine that the server and the client are not colluding to lie about the server's identity.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls