Comments: Virtual Hosting, SSL and SNI

Interesting that you should post this - I was just talking to my host about the same thing. Unfortunately it seems like we're still running Apache 1.3 which doesn't support this (need 2.x?), and also there was the unspoken implication that there's an income stream from selling static IPs to people who need SSL...

Posted by Robin at August 29, 2007 10:21 AM

I'm not sure that migration to Vista would necessarily be more of a hold-up for use on the public web than migration to Apache 2. Of the 3 web hosts I'm using for work/personal hosting, 2 of them are still on Apache 1.3. Apache 2 seems to have been released in 2002, so if SNI hasn't yet made it into new stable releases, it could be a while before there are servers that support it without someone making an effort...

Posted by Michael Lefevre at August 29, 2007 11:06 AM

Right. But there's a difference between server and client.

If not all servers support it, that's no big deal. The servers which do support it can use it. But if not all clients support it, no-one can use it.

Posted by Gerv at August 29, 2007 11:10 AM

It is already possible to have multiple SSL virtual hosts through the X.509 subjectAltName extension. Support for this is more widespread than for server name indication, and no modification to Apache is necessary.

It however requires CA support, and that there is only one CA for all virtual hosts. So it may not be suitable for all purposes.

Posted by chithanh at August 29, 2007 12:09 PM
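Added example, not part of the comment thread: a sketch of the two points made above, that a server sharing one IP address must choose its certificate from the ClientHello alone, so a client that sends no SNI gets the default certificate unless one subjectAltName certificate covers every host. The host names `a.example` and `b.example`, the function names, and the sample ClientHello bytes are constructed for illustration.

```python
import struct

def build_client_hello(server_name=None):
    """Constructed sample: minimal ClientHello body, with or without SNI."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host  # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry            # server_name_list
        ext = struct.pack("!HH", 0, len(sni)) + sni            # extension type 0
        body += struct.pack("!H", len(ext)) + ext
    return body

def extract_sni(body):
    """Return the host_name a client sent in its ClientHello, or None."""
    try:
        pos = 2 + 32                                       # version, random
        pos += 1 + body[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
        pos += 1 + body[pos]                               # compression_methods
        if pos == len(body):
            return None                                    # no extensions: pre-SNI client
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4
            if etype == 0:                                 # server_name extension
                name_type, nlen = struct.unpack_from("!BH", body, pos + 2)
                if name_type == 0:
                    return body[pos + 5:pos + 5 + nlen].decode("ascii")
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                               # malformed: treat as no SNI
    return None

def cert_names_sent(body, vhost_certs, default_host):
    """SAN list of the certificate the server picks before it sees any HTTP Host header."""
    return vhost_certs.get(extract_sni(body), vhost_certs[default_host])

# Hypothetical hosts sharing one IP address.
PER_HOST = {"a.example": ["a.example"], "b.example": ["b.example"]}
SHARED_SAN = {h: ["a.example", "b.example"] for h in PER_HOST}

def handshake_ok(client_sends_sni, vhost_certs, wanted="b.example"):
    hello = build_client_hello(wanted if client_sends_sni else None)
    return wanted in cert_names_sent(hello, vhost_certs, "a.example")
```

With `PER_HOST`, `handshake_ok` succeeds only for clients that send SNI; with `SHARED_SAN` it succeeds for both kinds of client.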

I think we'll have moved to IPv6 before this becomes commonplace.

The business end doesn't make much sense. Typically an IP comes at a lower cost ($1-$2/mo) to add on to a typical hosting account than an SSL cert costs. As a result, anyone who is using SSL is likely to be able to afford a static IP for their account and can attract 100% of their audience rather than 99% (assuming it gets to that point). What's the total savings or business advantage? Not much if anything.

EV SSL has an advantage of marketing, so there's potential for its real-world adoption. SSL without an IP address is purely tech with no end user benefit. As a result, if it doesn't make financial sense for all parties involved, what's the purpose from their point of view?

I could be wrong, but I don't see this being widely adopted.

Posted by Robert Accettura at August 29, 2007 1:10 PM

Robert: but what if we wanted every website that had a login box of some sort to use SSL?

Also, I see prices of between $5 and $15 a month for static IPs in a quick Google search. Whereas certs are free, or $15-$20 a year for Domain-Validation-only certs.

Posted by Gerv at August 29, 2007 2:00 PM