On Wednesday, March 07, 2007 04:23:20 PM -0800 "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx> wrote:
We do need to revise the architecture description. Using IP addresses as implicit signalling
You keep using that word. I do not think it means what you think it means.
Another instance that hit me today is the fact that existing SSL implementations use the server IPv4 address to select which server certificate to present to a client.
No; existing SSL server implementations assume that only one certificate is relevant for any given transport endpoint. Which, for the vast majority of uses, would not be that big a deal except that a certain vendor which dominates the well-known-CA market(*) sees a revenue opportunity in wildcard certificates, much as ISP's see a revenue opportunity in residential customers who need multiple non-NAT'd addresses.
(*) To be fair, pretty much _every_ vendor does this. -- Jeff _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf