httpd-dev mailing list archives

Subject RE: SSL + name based virtual hosting
Date Wed, 22 Dec 2004 16:47:26 GMT
One thing to keep in mind, Enrico, is that SSL was developed to be application independent. Secure
Socket Layer versus Secure HTTP Layer. Some of the things you slam the IETF and others who
have done good work on are contrary to the fundamental intent for SSL/TLS. It works well for
securing LDAP sockets, telnet sockets, and any client-server tcp socket I choose to code.
You are fully aware that a socket consists of an IP and port. SSL/TLS seeks to secure that
connection (PERIOD). Being wishy-washy about what socket to secure is not a consistent requirement
for this protocol.

"The primary goal of the SSL Protocol is to provide privacy and reliability between two communicating
applications." (SSLv3 Draft) Notice what that does NOT say (HTTP, apache, browser...).

You have attacked a flexible, application independent, point to point protocol for some application-specific
flexibility need. RFC2616 addresses (whether you like it or not) YOUR application-specific


-----Original Message-----
From: Enrico Weigelt []
Sent: Wednesday, December 22, 2004 9:41 AM
Subject: Re: SSL + name based virtual hosting

* Sander Temme <> wrote:
> On Dec 18, 2004, at 12:19 AM, Enrico Weigelt wrote:
> >What fools are sitting there in the IETF ?!
> Fools that are highly aware of the hundreds of millions of web browser 
> installations out there that know nothing but the standard versions of 
> SSL/TLS and whose users cannot be forced to upgrade.

Why wasn't it already in the first version?

We don't live in a time where everyone has IP addresses of each coffee pot ...

 Enrico Weigelt    ==   metux IT service

  phone:     +49 36207 519931         www:
  fax:       +49 36207 519932         email:
  cellphone: +49 174 7066481
 -- DSL from 0 Euro. -- static IP -- UUCP -- Hosting -- Webshops --
