CACert SSL for NameCoin

Forum rules
Warning !
Avoid using binary softwares from untrusted users.
Prefer compiling it yourself and verify sources.
Post Reply
OCTAGRAM
Posts: 8
Joined: Thu Sep 08, 2011 3:20 pm
os: mac

CACert SSL for NameCoin

Post by OCTAGRAM »

NameCoin's way of storing SSL certificates is not compatible with the way most browsers check them.

In an IPv6 internet a server owner has at least /64 block of IPv6 addresses and so he can use one SSL certificate on several domains and another SSL certificate on another domains.

Most of the Internet is currently IPv4, so most server owners have just 1 IP and are forced to use a single SSL certificate for every domain. Given a common case where a website is mirrored in both .bit TLD and another widely-recognized TLD one can either use self-subscribed certificate (doesn't protect from MITM) or use widely-recognized CA's certiifcate (without .bit domain). A third option is to use CACert and this would be the best way given that we'll be lucky at convincing them to handle .bit

vinced
Posts: 63
Joined: Wed May 18, 2011 1:16 am

Re: CACert SSL for NameCoin

Post by vinced »

I think recent software supports SNI. SNI allows different certificates for a single IP.
!v | Namecoin founder | https://dot-bit.org/

Post Reply