httpd-dev mailing list archives

From Ian G <i...@iang.org>
Subject Re: SNI in 2.2.x (Re: Time for 2.2.10?)
Date Wed, 20 Aug 2008 09:29:23 GMT
dev-digest-help@httpd.apache.org wrote:

> ------------------------------------------------------------------------

> May I use this occasion to ask if there's still a chance of getting a
> backport of SNI accepted for 2.2.x?


For me, +1.  For the LAMPs guys, +1m.  For the phishing 
victims, +10m.

Ok, the numbers are fingers in the air, but the essence is 
right.  We need to move much much more http services into 
secured sites, and the *only* efficient way to do this is 
via TLS/SNI.

Thanks for good work so far!

> If, on the other hand, people think that SNI isn't important enough for
> 2.2.x, then I'd be glad to hear that as well (it doesn't make sense to
> repeatedly nag the list about that topic, I think).


It is IMHO the most important change in the last 10 years. 
It makes TLS in Apache's HTTPD product work like virtual 
hosts.  It means all those LAMPs guys that share servers can 
now use TLS to provide site authentication.

It is the only issue in TLS that contributes to an active, 
dynamic attacker.  The losses to direct phishing (lack of 
proper site authentication) were around a billion, and the 
same attacker is now doing around 3 billion a year.

Also, see the current DNS issues.  We can't do routine 
boring LAMPs-level end-to-end authentication of the site 
without TLS/SNI.  (So we don't.)

iang

