IPv6 and HTTPS

Owen DeLong owen at delong.com
Fri Apr 26 02:32:10 UTC 2013


On Apr 25, 2013, at 9:47 PM, Jay Ashworth <jra at baylink.com> wrote:

> ----- Original Message -----
>> From: "Chris Adams" <cmadams at hiwaay.net>
> 
>> Once upon a time, Jay Ashworth <jra at baylink.com> said:
>>> Does anyone know how much IPv4 space is allocated *specifically* to cater
>>> to the fact that HTTPS requires a dedicated IP per DNS name?
>>> 
>>> Is that a statistically significant percentage of all the IPs in use?
>> 
>> I have no numbers, but my gut feeling is that there are a lot more
>> eyeballs than web servers with lots of IPs.
> 
> Fair point.  Though those are choked behind carriers who may well CGN
> them whether the eyeballs like it or not.
> 

That won't reduce the number of IPs they are consuming, it will just increase
the number of customers using them.

>>> Wasn't there something going on to make HTTPS IP muxable? How's that
>>> coming?
>> 
>> SNI; RFC 3546
>> 
>>> How fast could it be deployed?
>> 
>> The RFC is just shy of 10 years old, so that's like a baby compared to
>> IPv6.
>> 
>> It is mostly deployed, but there's still a fair number of old clients
>> that don't support it. WinXP+IE is probably the biggest fail, followed
>> by Android < 3.0 and BlackBerry.
> 
> When you say "it is mostly deployed", what exactly do you mean?  Is it 
> layer 7 or 4?  Does it live in libraries that can be upgraded behind
> users' backs?  Or is it actually in the browser proper?  Or are you just 
> talking about the server-side of the equation?

Browsers are the long-tail here. There are also some privacy concerns.

The good news is that most things which fully support IPv6 also support SNI.
The bad news is that most things that don't support IPv6 don't support SNI.

Guess what that means. ;-)

Owen




