[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: Handling of certificates in Debian

On Mon, Sep 02, 2002 at 02:22:52PM -0300, Henrique de Moraes Holschuh wrote:
> > I would think most places want their own cert and not to share with
> > other, probably totally unrelated, people.
> 
> For that, you need a specification that allows you to send a number of certs
> (instead of only one) and let the browser select the one that matches the
> domain it wants, and verify that single one.

I don't think thats scales sufficiently well.  Some sites have
*thousands* of virtual domains.  Sending all those certificates for
every https request would be expensive.

If you're going to tinker with the specification anyway, I would
suggest one where the client states up front whose certificate it wants.

Richard Braakman
Reply to: