mailing list archives
Re: IPv6 and HTTPS
From: Bernhard Amann <bernhard () ICSI Berkeley EDU>
Date: Thu, 25 Apr 2013 22:30:57 -0700
On Apr 25, 2013, at 9:27 PM, Patrick W. Gilmore <patrick () ianai net> wrote:
On Apr 26, 2013, at 00:19 , joel jaeggli <joelja () bogus com> wrote:
On 4/25/13 6:24 PM, Jay Ashworth wrote:
Ok, here's a stupid question, which I'd know the answer to if I ran bigger
Does anyone know how much IPv4 space is allocated *specifically* to cater
to the fact that HTTPS requires a dedicated IP per DNS name?
It doesn't, or doesn't if if your clients are not stuck in the past.
TLS SNI has existed for a rather long time.
Is that a statistically significant percentage of all the IPs in use?
Wasn't there something going on to make HTTPS IP muxable? How's that coming?
there are stuborn legacy hosts.
How fast could it be deployed?
you can use it now.
Sure, you "can".
But no one will. No one (especially someone doing SSL content) wants 99% connectivity. And there's a lot more than 1%
XP out there. (Hrm, that explanation works to explain why to a couple decimal places 0% of the Internet is on v6 only
Just to give a numbers, in case anyone is interested - we have been passively
monitoring SSL traffic of ~300k users for more than a year (project description at
All in all, we see about 71% of the connections on port 443 using SNI.
And the only site I am aware of that uses SNI quite extensively is google - their servers
give different certificates to clients that do not support SNI and clients that support it.
RE: IPv6 and HTTPS David Hubbard (Apr 26)
Re: IPv6 and HTTPS joel jaeggli (Apr 26)
Re: IPv6 and HTTPS Don Gould (Apr 26)
Re: IPv6 and HTTPS Owen DeLong (Apr 27)
Re: IPv6 and HTTPS Jima (Apr 28)
Re: IPv6 and HTTPS Randy Bush (Apr 28)
Re: IPv6 and HTTPS Jimmy Hess (Apr 28)