[TLS] Server Name Indication (SNI) in an IPv6 world?
=JeffH <Jeff.Hodges@KingsMountain.com> Tue, 26 October 2010 23:34 UTC
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0A3033A68DC for <tls@core3.amsl.com>; Tue, 26 Oct 2010 16:34:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.182
X-Spam-Level:
X-Spam-Status: No, score=-102.182 tagged_above=-999 required=5 tests=[AWL=0.083, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hrdQxCGNUs1z for <tls@core3.amsl.com>; Tue, 26 Oct 2010 16:34:03 -0700 (PDT)
Received: from cpoproxy3-pub.bluehost.com (cpoproxy3-pub.bluehost.com [67.222.54.6]) by core3.amsl.com (Postfix) with SMTP id E15603A6879 for <tls@ietf.org>; Tue, 26 Oct 2010 16:34:02 -0700 (PDT)
Received: (qmail 16613 invoked by uid 0); 26 Oct 2010 23:35:50 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by cpoproxy3.bluehost.com with SMTP; 26 Oct 2010 23:35:50 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=kingsmountain.com; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding:X-Identified-User; b=h2K6ye7RB/Nou3oygglVAl+q2DmkBdoJkiQ0E1jkryAWG+2LndNJdSGemNfLFkTkrfCrVeD9Hfb8BeemrqL8DAOg/IOKxR0EAHpHnU2nG3SX+1jrI3/N3bXtwwZuDpnC;
Received: from outbound4.ebay.com ([216.113.168.128] helo=[10.244.137.163]) by box514.bluehost.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1PAt3W-00073z-LU for tls@ietf.org; Tue, 26 Oct 2010 17:35:50 -0600
Message-ID: <4CC765D6.6020704@KingsMountain.com>
Date: Tue, 26 Oct 2010 16:35:50 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: IETF TLS WG <tls@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Subject: [TLS] Server Name Indication (SNI) in an IPv6 world?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Oct 2010 23:34:04 -0000
What do folks think, will the TLS SNI extension still be employed as much in the IPv6 world as it is in the IPv4 world? The question stems from the simple observation (on some folks' part) of the IPv6 world ostensibly having multitudinous addresses available, hence instead of virtual-hosting via one IPv4-addressed entity (and employing SNI in order to properly have a cert per virtual host, rather than one cert with a mutitude of subjectAltName:dNSNames), one can instead just multi-home such hosting entities with an IPv6 addr per virtual host. thoughts? =JeffH
- [TLS] Server Name Indication (SNI) in an IPv6 wor… =JeffH
- Re: [TLS] Server Name Indication (SNI) in an IPv6… Simon Josefsson
- Re: [TLS] Server Name Indication (SNI) in an IPv6… Matt McCutchen
- Re: [TLS] Server Name Indication (SNI) in an IPv6… Matt McCutchen
- Re: [TLS] Server Name Indication (SNI) in an IPv6… Steingruebl, Andy
- Re: [TLS] Server Name Indication (SNI) in an IPv6… Marsh Ray
- Re: [TLS] Server Name Indication (SNI) in an IPv6… Steingruebl, Andy
- Re: [TLS] Server Name Indication (SNI) in an IPv6… Marsh Ray
- Re: [TLS] Server Name Indication (SNI) in an IPv6… Michael D'Errico
- [TLS] Connection diversion to other subdomains Matt McCutchen
- Re: [TLS] Server Name Indication (SNI) in an IPv6… Steven Bellovin
- Re: [TLS] Server Name Indication (SNI) in an IPv6… aerowolf
- Re: [TLS] Connection diversion to other subdomains Marsh Ray
- Re: [TLS] Connection diversion to other subdomains Matt McCutchen
- Re: [TLS] Connection diversion to other subdomains Martin Rex
- Re: [TLS] Server Name Indication (SNI) in an IPv6… Dean Anderson
- Re: [TLS] Connection diversion to other subdomains Florian Weimer
- Re: [TLS] Connection diversion to other subdomains Marsh Ray
- Re: [TLS] Connection diversion to other subdomains Florian Weimer
- Re: [TLS] Connection diversion to other subdomains Marsh Ray
- Re: [TLS] Connection diversion to other subdomains Joe Orton
- Re: [TLS] Connection diversion to other subdomains Marsh Ray
- Re: [TLS] Connection diversion to other subdomains Matt McCutchen