Comment Distinct IP address per site required for SSL (Score 2) 396
Most non-SSL sites use a single IP address for multiple sites and the actual hostname portion of the URL is not known until the GET request.<br><br>Assuming that we want IPv4 to continue to work, a mechanism to permit an SSL certificate to secure a group of sites would be needed before more widespread use of SSL for non-commerce/non-login sites would be practical.<br><br>Essentially, if a server hosts 30 domains, the server's certificate would need to have a certificate of its own and that certificate would have to be signed by EACH of the 30 domains. That is tricky and would require revision of HTTPS. You would probably have to have the server initially use its OWN unsigned/self-signed certificate to establish an SSL connection, have the browser specify the hostname, then have the server return a signature record that uses that hostname's certificate to sign the fingerprint of the server's SSL certificate. Once the browser confirms that the appropriate CA signed for the hostname and the hostname signed for the server, then it could continue the request (and cache the server's fingerprint).<br><br>Google should get cracking on this new HTTPS handshake first.