Re: [TLS] Server Name Indication (SNI) in an IPv6 world?

Simon Josefsson <simon@josefsson.org> Tue, 26 October 2010 23:51 UTC

From: Simon Josefsson <simon@josefsson.org>
To: =JeffH <Jeff.Hodges@KingsMountain.com>
References: <4CC765D6.6020704@KingsMountain.com>
Date: Wed, 27 Oct 2010 01:53:08 +0200
In-Reply-To: <4CC765D6.6020704@KingsMountain.com> (JeffH's message of "Tue, 26 Oct 2010 16:35:50 -0700")
Message-ID: <87lj5k4il7.fsf@latte.josefsson.org>
Cc: IETF TLS WG <tls@ietf.org>
Subject: Re: [TLS] Server Name Indication (SNI) in an IPv6 world?

=JeffH <Jeff.Hodges@KingsMountain.com> writes:

> What do folks think, will the TLS SNI extension still be employed as
> much in the IPv6 world as it is in the IPv4 world?
>
> The question stems from the simple observation (on some folks' part)
> of the IPv6 world ostensibly having multitudinous addresses available,
> hence instead of virtual-hosting via one IPv4-addressed entity (and
> employing SNI in order to properly have a cert per virtual host,
> rather than one cert with a multitude of subjectAltName:dNSNames), one
> can instead just multi-home such hosting entities with an IPv6 addr
> per virtual host.
>
> thoughts?

It will be relevant for sites using CNAME redirection for example.
Sadly the IPv4 address situation has made it common for people to pay
for IP addresses, so I suspect people will use SNI to avoid excessive
charges for IPv6 addresses like they do today.  (I get 20 IPv6 addresses
for the price of one IPv4 address at one VPS hosting provider I'm
using.)

/Simon