North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ARIN Policy on IP-based Web Hosting

  • From: Roland Dobbins
  • Date: Tue Aug 29 19:30:41 2000

It's a far-*left* policy - "We're ARIN, and we know how best everyone's
resources should be allocated."

A far-right policy would be "Here are these IPs you've requested; use
them as you will, but don't come whining back to us for more because you
underestimated your initial request."  This would be far preferable.

The SSL issue is a real one, and I don't know how to get around it.  One
would assume that this would qualify as an 'exception'; however, how are
they going to verify what you're using them for?  Are they going to nmap
your networks to see if you're really running SSL on the IPs you've

 Roland Dobbins <[email protected]> // 818.535.5024 voice

Bill Fumerola wrote:
> On Tue, Aug 29, 2000 at 06:43:30PM -0400, [email protected] wrote:
> > Unless something's changed recently, SSL still requires IP based virtual
> > hosting.  Here's a clipping from the Stronghold FAQ:
> >
> >   Should I use name-based or IP-based virtual hosts?
> >
> >   Name-based virtual hosts do not work with SSL because certificates are
> >   sent before server names are established. Secure virtual hosts must be
> >   either IP-based or port-based. IP-based virtual hosts are more
> >   convenient, as users would have to remember the port numbers for
> >   port-based virtual hosts.
> Nothing has changed. There still is a chicken/egg relationship with trying
> to do namebased virtual hosts with SSL.
> You have to know which certificate to present based on the name...
> and
> ... you don't know the name until the certificate exchange is complete.
> Speaking as a application provider who _has_ to have independent sites
> running SSL per customer, I still need a 1:1 relationship with IP and
> hosts.
> ARIN need to take a hit off the clue-pipe before coming down with
> such a far-right policy.
> --
> Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
>                 [email protected] / [email protected]