From: "TAYLOR, TIM (CONTRACTOR)"
Date: Wed, 22 Dec 2004 11:47:26 -0500
Subject: RE: SSL + name based virtual hosting

One thing to keep in mind, Enrico, is that SSL was developed to be application independent. Secure Socket Layer versus Secure HTTP Layer. Some of the things you slam the IETF and others who have done good work on are contrary to the fundamental intent for SSL/TLS. It works well for securing LDAP sockets, telnet sockets, and any client-server tcp socket I choose to code. You are fully aware that a socket consists of an IP and port. SSL/TLS seeks to secure that connection (PERIOD). Being wishy-washy about what socket to secure is not a consistent requirement for this protocol.

"The primary goal of the SSL Protocol is to provide privacy and reliability between two communicating applications." (SSLv3 Draft) Notice what that does NOT say (HTTP, apache, browser...).

You have attacked a flexible, application independent, point to point protocol for some application-specific flexibility need. RFC2616 addresses (whether you like it or not) YOUR application-specific need.

regards,
tt
317-510-5987

-----Original Message-----
From: Enrico Weigelt [mailto:weigelt@metux.de]
Sent: Wednesday, December 22, 2004 9:41 AM
To: dev@httpd.apache.org
Subject: Re: SSL + name based virtual hosting

* Sander Temme wrote:
> On Dec 18, 2004, at 12:19 AM, Enrico Weigelt wrote:
>
> >What fools are sitting there in the IETF ?!
>
> Fools that are highly aware of the hundreds of millions of web browser
> installations out there that know nothing but the standard versions of
> SSL/TLS and whose users cannot be forced to upgrade.

Why wasn't it already in the first version?
We don't live in a time where everyone has IP addresses for each coffee pot ...

cu
-- 
---------------------------------------------------------------------
 Enrico Weigelt == metux IT service
 phone: +49 36207 519931   www: http://www.metux.de/
 fax: +49 36207 519932   email: contact@metux.de
 cellphone: +49 174 7066481
---------------------------------------------------------------------
 -- DSL from 0 euros. -- static IP -- UUCP -- Hosting -- Webshops --
---------------------------------------------------------------------