North American Network Operators Group


Re: ARIN Policy on IP-based Web Hosting

  • From: Roland Dobbins
  • Date: Tue Aug 29 19:30:41 2000

It's a far-*left* policy - "We're ARIN, and we know how best everyone's
resources should be allocated."

A far-right policy would be "Here are these IPs you've requested; use
them as you will, but don't come whining back to us for more because you
underestimated your initial request."  This would be far preferable.

The SSL issue is a real one, and I don't know how to get around it.  One
would assume that this would qualify as an 'exception'; however, how are
they going to verify what you're using them for?  Are they going to nmap
your networks to see if you're really running SSL on the IPs you've
requested?

-- 
------------------------------------------------------------
 Roland Dobbins <rdobbins@netmore.net> // 818.535.5024 voice

Bill Fumerola wrote:
> 
> On Tue, Aug 29, 2000 at 06:43:30PM -0400, jlewis@lewis.org wrote:
> 
> > Unless something's changed recently, SSL still requires IP based virtual
> > hosting.  Here's a clipping from the c2.net Stronghold FAQ:
> >
> >   Should I use name-based or IP-based virtual hosts?
> >
> >   Name-based virtual hosts do not work with SSL because certificates are
> >   sent before server names are established. Secure virtual hosts must be
> >   either IP-based or port-based. IP-based virtual hosts are more
> >   convenient, as users would have to remember the port numbers for
> >   port-based virtual hosts.
> 
> Nothing has changed. There still is a chicken/egg relationship with trying
> to do namebased virtual hosts with SSL.
> 
> You have to know which certificate to present based on the name...
> and
> ... you don't know the name until the certificate exchange is complete.
> 
> Speaking as an application provider who _has_ to have independent sites
> running SSL per customer, I still need a 1:1 relationship with IP and
> hosts.
> 
> ARIN need to take a hit off the clue-pipe before coming down with
> such a far-right policy.
> 
> --
> Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
>                 billf@chimesnet.com / billf@FreeBSD.org
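
The chicken-and-egg problem described in the quoted messages, as an added example that is not part of the original thread: it parses a constructed SSL 3.0 ClientHello (the handshake layout in use when this thread was written) to show that it carries no hostname, so the server can key its certificate choice only on the socket that accepted the connection. The addresses, certificate labels and function names are hypothetical.

```python
import struct

def build_client_hello(suites=(0x000A, 0x0005, 0x0004)):
    """Constructed SSL 3.0 ClientHello record (sample bytes, not a capture)."""
    body = b"\x03\x00" + bytes(32) + b"\x00"   # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                        # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Return every field of the ClientHello, plus any bytes left unparsed."""
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != 0x16 or len(record) != 5 + rec_len:
        raise ValueError("not a complete handshake record")
    hs = record[5:]
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if hs[0] != 0x01 or len(body) != hs_len:
        raise ValueError("not a complete ClientHello")
    fields = {"client_version": (body[0], body[1]), "random": body[2:34]}
    pos = 34
    sid_len = body[pos]
    fields["session_id"] = body[pos + 1:pos + 1 + sid_len]
    pos += 1 + sid_len
    (cs_len,) = struct.unpack_from("!H", body, pos)
    fields["cipher_suites"] = list(struct.unpack_from(f"!{cs_len // 2}H", body, pos + 2))
    pos += 2 + cs_len
    cm_len = body[pos]
    fields["compression_methods"] = list(body[pos + 1:pos + 1 + cm_len])
    fields["trailing"] = body[pos + 1 + cm_len:]
    return fields

# Hypothetical hosting setup: one certificate per (local IP, port).
CERTS_BY_SOCKET = {
    ("192.0.2.10", 443): "cert-for-customer-a",
    ("192.0.2.11", 443): "cert-for-customer-b",
}

def select_certificate(local_addr, record):
    """Pick the certificate to send in reply to this ClientHello."""
    parse_client_hello(record)          # validates; yields nothing name-like
    return CERTS_BY_SOCKET[local_addr]  # the accepting socket is the only key

if __name__ == "__main__":
    hello = build_client_hello()
    print(sorted(parse_client_hello(hello)))
    for addr in CERTS_BY_SOCKET:
        print(addr, "->", select_certificate(addr, hello))
```

Byte-identical hellos arriving on two different addresses get two different certificates, which is the 1:1 IP-to-host relationship the thread describes.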