RE: ARIN Policy on IP-based Web Hosting
From: jlewis@lewis.org [mailto:jlewis@lewis.org] Sent: Tuesday, August 29, 2000 3:44 PM
On Tue, 29 Aug 2000 sigma@pair.com wrote:
ARIN's site says:
Where security is a concern, name-based hosting is capable of supporting the transmission of sensitive materials with some servers.
Unless something's changed recently, SSL still requires IP based virtual hosting. Here's a clipping from the c2.net Stronghold FAQ:
Should I use name-based or IP-based virtual hosts?
Name-based virtual hosts do not work with SSL because certificates are sent before server names are established. Secure virtual hosts must be either IP-based or port-based. IP-based virtual hosts are more convenient, as users would have to remember the port numbers for port-based virtual hosts.
In addition, neither OpenSSL nor mod_ssl work with named-based virtual hosts. All vHosts have to share the same cert whereas IP-based hosts don't. Someone at ARIN is hallucinating, if they think that their statement is true. As a side note, MS-IIS doesn't do it any more successfully than Apache/OpenSSL even v5.5 under Win2K, I run both. It sounds more like ARIN wants to shut down web-hosting companies or prevent them from doing SSL. The only other way to read this is that someone at ARIN is incompetent. Frankly, I'd like to know which.
On Tue, 29 Aug 2000, Roeland M.J. Meyer wrote:
It sounds more like ARIN wants to shut down web-hosting companies or prevent them from doing SSL. The only other way to read this is that someone at ARIN is incompetent. Frankly, I'd like to know which.
http://www.arin.net/announcements/election.html. Any volunteers?
http://www.arin.net/announcements/election.html.
Any volunteers?
I'll be running for the Advisory Council position. Kevin
"Roeland M.J. Meyer" wrote:
It sounds more like ARIN wants to shut down web-hosting companies or prevent them from doing SSL. The only other way to read this is that someone at ARIN is incompetent. Frankly, I'd like to know which.
There has been a ton of discussion on this issue. In fact, at the last ARIN meeting in Calgary we discussed it extensively (both at the AC meeting as well as the public policy and member meetings). The SSL issue was raised, and it was generally agreed the objection was valid. However, the general response from most people we asked about the issue was that the number of non-SSL web hosting customers was far larger than the number of SSL web hosting customers. With this in mind the people present at the meeting generally agreed that a policy change made sense with an exception for appilcations that require per-IP virtual hosts. I really don't see what everybody is getting so up at arms about, especially since there is an exception in the policy for applications that require static IPs (such as SSL). ARIN is an open organization and it does not make arbitrary decisions without member input. Every entity that receives address space from ARIN is a member of the organization. If you don't like what ARIN is doing, then participate in the organization. If you don't participate and don't like what ARIN is doing, then IMO you really don't have a right to complain. Hope to see you all in Herndon! Alec -- Alec H. Peterson - ahp@hilander.com Staff Scientist CenterGate Research Group - http://www.centergate.com "Technology so advanced, even _we_ don't understand it!"
participants (4)
-
Alec H. Peterson
-
J Bacher
-
Roeland M.J. Meyer
-
sigmaï¼ pair.com