RE: NATs as firewalls
On Wednesday, March 07, 2007 04:23:20 PM -0800 "Hallam-Baker, Phillip"
<pbaker at verisign.com> wrote:
> We do need to revise the architecture description. Using IP addresses as
> implicit signalling

You keep using that word. I do not think it means what you think it means.

> Another instance that hit me today is the
> fact that existing SSL implementations use the server IPv4 address to
> select which server certificate to present to a client.

No; existing SSL server implementations assume that only one certificate is
relevant for any given transport endpoint. Which, for the vast majority of
uses, would not be that big a deal except that a certain vendor which
dominates the well-known-CA market(*) sees a revenue opportunity in
wildcard certificates, much as ISPs see a revenue opportunity in
residential customers who need multiple non-NAT'd addresses.
(*) To be fair, pretty much _every_ vendor does this.
-- Jeff
_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
Note Well: Messages sent to this mailing list are the opinions
of the senders and do not imply endorsement by the IETF.
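
The point argued above, as an added example that is not part of the original message or of any SSL implementation's code: a server has to choose its certificate from what it knows when the ClientHello arrives, which is only the transport endpoint unless the hello itself names a host. The sketch assumes the TLS server_name extension (RFC 6066), which the thread does not mention; the function names, certificate labels and ClientHello bytes are constructed for illustration.

```python
import struct

def build_client_hello(server_name=None):
    """Constructed sample: minimal TLS 1.0 ClientHello body, optionally naming a host."""
    body = b"\x03\x01" + bytes(32)      # client_version, 32-byte random
    body += b"\x00"                     # empty session_id
    body += b"\x00\x02\x00\x2f"         # one cipher suite (0x002f)
    body += b"\x01\x00"                 # null compression only
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type 0 = host_name
        names = struct.pack("!H", len(entry)) + entry           # ServerNameList
        ext = struct.pack("!HH", 0, len(names)) + names         # extension type 0
        body += struct.pack("!H", len(ext)) + ext
    return body

def requested_name(body):
    """Return the host_name carried in the ClientHello, or None if it names no host."""
    pos = 2 + 32                                        # skip version and random
    pos += 1 + body[pos]                                # skip session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]   # skip cipher_suites
    pos += 1 + body[pos]                                # skip compression_methods
    if pos + 2 > len(body):
        return None                                     # no extensions block at all
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == 0:
            # layout: list length (2), name_type (1), name length (2), name
            name_len = struct.unpack_from("!H", body, pos + 3)[0]
            return body[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None

def select_certificate(endpoint, body, by_endpoint, by_name):
    """Pick by requested name when one is known, else by (address, port) alone."""
    return by_name.get(requested_name(body), by_endpoint[endpoint])

if __name__ == "__main__":
    ep = ("192.0.2.10", 443)            # constructed endpoint (documentation range)
    certs_ep, certs_name = {ep: "cert-a"}, {"b.example": "cert-b"}
    for name in (None, "b.example"):
        hello = build_client_hello(name)
        print(name, "->", select_certificate(ep, hello, certs_ep, certs_name))
```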