At Wed, 23 Sep 2009 15:04:00 -0400 (EDT),
Dean Anderson wrote:
>
> Is that insecure?
>
> If the client is authorized by certificate, then it seems that it has
> that identity in addition to any application level identities.
>
> The only insecurity is if the certificate private key has been
> compromised, which isn't something that TLS can protect against.
>
> One problem with using TLS for virtual web hosts is that the server
> names cannot match the single name allowed in the certificate. I don't
> want to see that get worse; I'd like to see it get better.

The server_name extension [RFC 4366] allows this.

-Ekr