Re: RFC: Handling of certificates in Debian
On Mon, Sep 02, 2002 at 02:22:52PM -0300, Henrique de Moraes Holschuh wrote:
> > I would think most places want their own cert and not to share with
> > other, probably totally unrelated, people.
> For that, you need a specification that allows you to send a number of certs
> (instead of only one) and let the browser select the one that matches the
> domain it wants, and verify that single one.
I don't think thats scales sufficiently well. Some sites have
*thousands* of virtual domains. Sending all those certificates for
every https request would be expensive.
If you're going to tinker with the specification anyway, I would
suggest one where the client states up front whose certificate it wants.