North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: ARIN Policy on IP-based Web Hosting

  • From: Roeland M.J. Meyer
  • Date: Wed Aug 30 01:38:45 2000

> From: [email protected] [mailto:[email protected]]
> Sent: Tuesday, August 29, 2000 3:44 PM
> 
> On Tue, 29 Aug 2000 [email protected] wrote:

> ARIN's site says:
> 
>   Where security is a concern, name-based hosting is capable of
>   supporting the transmission of sensitive materials
>   with some servers.

> Unless something's changed recently, SSL still requires IP 
> based virtual
> hosting.  Here's a clipping from the c2.net Stronghold FAQ:
> 
>   Should I use name-based or IP-based virtual hosts? 
>                        
>   Name-based virtual hosts do not work with SSL because 
> certificates are
>   sent before server names are established. Secure virtual 
> hosts must be
>   either IP-based or port-based. IP-based virtual hosts are more
>   convenient, as users would have to remember the port numbers for
>   port-based virtual hosts.

In addition, neither OpenSSL nor mod_ssl work with named-based virtual
hosts. All vHosts have to share the same cert whereas IP-based hosts
don't. Someone at ARIN is hallucinating, if they think that their
statement is true. As a side note, MS-IIS doesn't do it any more
successfully than Apache/OpenSSL even v5.5 under Win2K, I run both.

It sounds more like ARIN wants to shut down web-hosting companies or
prevent them from doing SSL. The only other way to read this is that
someone at ARIN is incompetent. Frankly, I'd like to know which.