On Apr 25, 2013, at 9:27 PM, Patrick W. Gilmore <patrick@ianai.net> wrote:
> On Apr 26, 2013, at 00:19 , joel jaeggli <joelja@bogus.com> wrote:
>> On 4/25/13 6:24 PM, Jay Ashworth wrote:
>>> Ok, here's a stupid question[1], which I'd know the answer to if I ran bigger networks:
>>> Does anyone know how much IPv4 space is allocated *specifically* to cater to the fact that HTTPS requires a dedicated IP per DNS name?
>> It doesn't, or doesn't if your clients are not stuck in the past.
>>> Is that a statistically significant percentage of all the IPs in use?
>>> Wasn't there something going on to make HTTPS IP muxable? How's that coming?
>> TLS SNI has existed for a rather long time. there are stubborn legacy hosts.
>>> How fast could it be deployed?
>> you can use it now.
> Sure, you "can".
> But no one will. No one (especially someone doing SSL content) wants 99% connectivity. And there's a lot more than 1% XP out there. (Hrm, that explanation works to explain why to a couple decimal places 0% of the Internet is on v6 only today.)

Just to give some numbers, in case anyone is interested - we have been passively monitoring SSL traffic of ~300k users for more than a year (project description at http://notary.icsi.berkeley.edu). All in all, we see about 71% of the connections on port 443 using SNI. And the only site I am aware of that uses SNI quite extensively is Google - their servers give different certificates to clients that do not support SNI and clients that support it.

Bernhard
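
How a passive monitor can tell whether a connection uses SNI, as an added example that is not part of the thread and not the ICSI Notary's code: it parses the ClientHello and looks for the server_name extension (type 0, RFC 6066). It assumes the ClientHello fits in a single TLS record; `build_hello` and `sni_share` are hypothetical helper names, and the sample records are constructed, not captured.

```python
import struct

def client_hello_sni(record: bytes):
    """Return the host_name from a ClientHello's SNI extension, else None."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        return None                        # not a handshake record holding a ClientHello
    body = record[9:5 + struct.unpack_from("!H", record, 3)[0]]
    pos = 2 + 32                           # skip client_version and random
    try:
        pos += 1 + body[pos]               # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
        pos += 1 + body[pos]               # compression_methods
        if pos + 2 > len(body):
            return None                    # no extensions block, so no SNI
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(body)):
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == 0:              # server_name (RFC 6066)
                # layout: list_len(2) name_type(1) name_len(2) name
                name_type, name_len = struct.unpack_from("!BH", body, pos + 2)
                if name_type == 0:         # host_name
                    return body[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
            pos += ext_len
    except (IndexError, struct.error):
        pass                               # truncated or malformed hello
    return None

def build_hello(host=None):
    """Constructed sample ClientHello record (not captured traffic)."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if host:
        name = host.encode()
        entry = struct.pack("!BH", 0, len(name)) + name
        sni = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", 0, len(sni)) + sni
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def sni_share(records):
    """Fraction of the given ClientHello records that carry SNI."""
    seen = [client_hello_sni(r) is not None for r in records]
    return sum(seen) / len(seen) if seen else 0.0

SAMPLES = [build_hello("www.example.org"), build_hello(), build_hello("mail.example.org"), build_hello("example.net")]
if __name__ == "__main__":
    print(sni_share(SAMPLES))
```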