[Discuss] My Bank's Web Site is Behaving Oddly
Kent Borg
kentborg at borg.org
Sat May 7 13:27:46 EDT 2016
On 05/07/2016 01:05 PM, Dan Ritter wrote:
> x509 certs don't care about IPs; the browser matches the cert's CN
> (Common Name) against the domain name it was requesting.
That makes sense.
So it should be possible to do an anti-DDos service with tons of IP
addresses, but still forward on in encrypted form to a smaller number of
real machines. Incapsula could have different certificates for different
domains, but it is too much work, so they have gigantic certificates for
a herds of unrelated domains. Right?
-kb
More information about the Discuss
mailing list