Re: [TLS] Multiple domain names in SNI (was Questions about TLS

To: mike-list at pobox.com (Michael D'Errico)
Subject: Re: [TLS] Multiple domain names in SNI (was Questions about TLS
From: Martin Rex <Martin.Rex at sap.com>
Date: Fri, 30 Oct 2009 19:17:56 +0100 (MET)
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <4AEB126F.2090105 at pobox.com> from "Michael D'Errico" at Oct 30, 9 09:21:03 am
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Reply-to: mrex at sap.com

Michael D'Errico wrote:
> 
> Here's a possible reason for a client to include multiple domain
> names in the SNI.  Suppose a user enters "foo.edu" into their
> browser.  The browser may decide to send the two names "foo.edu"
> and also "www.foo.edu" to the server in an attempt to connect on
> the first try, rather than get rejected on the first connection
> and have the overhead of retrying.

I'm sorry, I don't understand you scenario.

Current implementations of TCP can have only two communication peers,
not three and the TLS handshake works also only with two participants,
server and client.

The client MUST know which of the hostnames was used to open a particular
network connection, so there is NO situation where more than one name
should go into SNI here.

-Martin

Follow-Ups:
- Re: [TLS] Multiple domain names in SNI (was Questions about TLS
  - From: Michael D'Errico

References:
- Re: [TLS] Multiple domain names in SNI (was Questions about TLS Server Name Indication extension)
  - From: Michael D'Errico

Prev by Date: Re: [TLS] Multiple Session Caches and SNI (was Questions about TLS Server Name Indication extension)
Next by Date: Re: [TLS] Renegotiation with SNI after initial connection without SNI (was Questions about TLS Server Name Indication extension)
Previous by thread: Re: [TLS] Multiple domain names in SNI (was Questions about TLS Server Name Indication extension)
Next by thread: Re: [TLS] Multiple domain names in SNI (was Questions about TLS
Index(es):
- Date
- Thread

Re: [TLS] Multiple domain names in SNI (was Questions about TLS

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.