[ietf78-tech] Fwd: Certificates for the IETF
John Kemp
kemp at network-services.uoregon.edu
Thu Jul 15 14:31:25 PDT 2010
On 07/15/2010 01:40 PM, Geert Jan de Groot wrote:
> On Wed, 14 Jul 2010 13:43:46 -0700 John Kemp wrote:
>> IP for the webpage has to be on the VLAN of the client.
>> Name for that IP has to resolve to match the certificate.
>> IP for that Name has to work when the client fetches it.
>
> I'm probably missing something, but:
> How about using using split DNS? If a DNS request comes from
> vlan 112, we give the portal IP on vlan 112, if the DNS
> request comes in on vlan 128, we give the portal IP on vlan 128.
>
> Both IP addresses share the same hostname & certificate.
>
> What am I missing?
>
> (I'm not sure how many non-WPA-capable 802.11A clients we'll
> encounter, but that's another thing)
>
> GJ
It's a valid suggestion.
But we have the certificate now.
We really shouldn't need to do anything to the DNS.
/jgk
More information about the ietf78-tech
mailing list