On Tue, 29 Aug 2000 sigma@pair.com wrote:
Gentle readers who might happen to be using unique IP addresses for your Web hosting customers, or for other virtualized services such as FTP, POP3/IMAP, SSL, etc, you need to be aware of ARIN's recent policy change. Basically, they won't give you addresses anymore. They're accepting comments. A lively discussion has begun, as usual.
ARIN's site says: Where security is a concern, name-based hosting is capable of supporting the transmission of sensitive materials with some servers. ... When an ISP submits a request for IP address space, ARIN will not accept IP-based webhosting as justification for an allocation, unless an exception is warranted. Along with the request, organizations must provide appropriate details demonstrating their virtual webhosting customer base. Exceptions may be made for ISPs that provide justification for requiring static addresses. ARIN will determine, on a case-by-case basis, whether an exception is appropriate. Unless something's changed recently, SSL still requires IP based virtual hosting. Here's a clipping from the c2.net Stronghold FAQ: Should I use name-based or IP-based virtual hosts? Name-based virtual hosts do not work with SSL because certificates are sent before server names are established. Secure virtual hosts must be either IP-based or port-based. IP-based virtual hosts are more convenient, as users would have to remember the port numbers for port-based virtual hosts. ARIN's new policy looks kind of vague to me. I can read it and conclude if I were starting a web hosting company today, and wanted to use "I'm hosting a few thousand web sites, but only have a few dozen actual servers/routers/etc.", I'm not going to qualify for an allocation. But, if I already have a big chunk of space allocated by ARIN, next time I apply for more space, will they look at my IP usage and say "we think you should reuse all those /24's you burned up on web hosting and then come back to us for more space."? That would really suck. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________