Home page logo

nanog logo nanog mailing list archives

Re: IPv6 and HTTPS
From: Jay Ashworth <jra () baylink com>
Date: Thu, 25 Apr 2013 21:47:29 -0400 (EDT)

----- Original Message -----
From: "Chris Adams" <cmadams () hiwaay net>

Once upon a time, Jay Ashworth <jra () baylink com> said:
Does anyone know how much IPv4 space is allocated *specifically* to cater
to the fact that HTTPS requires a dedicated IP per DNS name?

Is that a statistically significant percentage of all the IPs in use?

I have no numbers, but my gut feeling is that there are a lot more
eyeballs than web servers with lots of IPs.

Fair point.  Though those are choked behind carriers who may well CGN
them whether the eyeballs like it or not.

Wasn't there something going on to make HTTPS IP muxable? How's that

SNI; RFC 3546

How fast could it be deployed?

The RFC is just shy of 10 years old, so that's like a baby compared to

It is mostly deployed, but there's still a fair number of old clients
that don't support it. WinXP+IE is probably the biggest fail, followed
by Android < 3.0 and BlackBerry.

When you say "it is mostly deployed", what exactly do you mean?  Is it 
layer 7 or 4?  Does it live in libraries that can be upgraded behind
users' backs?  Or is it actually in the browser proper?  Or are you just 
talking about the server-side of the equation?

-- jra
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]