Peter Djalaliev wrote:
> I am modifying mod_nss to implement TLS upgrades (RFC2817) to use in a
> special-purpose web client-server system.

We don't need to discuss the security issues of using RFC2817 on the Internet again. The last one on 3/31 - 4/07 went through them already.

Would you mind explaining what special-purpose system you have that requires TLS upgrade?

Do you have a private network with 4 billion IP addresses in use already, such that you are constrained in IP addresses, and need to be able to use multiple SSL server certificates on the same IP address/port? If so, I would like to hear about it.

Otherwise, I can't imagine how RFC2817 helps anything. Just create as many IP addresses on your private network as you need SSL certificates. The server setup will be much simpler, and this will save you the trouble of needing a special-purpose client to access your server.

> In fact, I think the
> modifications to mod_nss are done, but I am not yet done with
> implementing TLS upgrades in Firefox, so I haven't tested the mod_nss
> modifications.

I think you are wasting your time with Firefox modifications. It's clear that RFC2817 will not see the light of day in official Mozilla/PSM clients because of the security issues we previously discussed.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto