On Tue, Jul 30, 2013 at 3:43 PM, email@example.com wrote:
On 12:01 pm, firstname.lastname@example.org wrote:
ISTR my reason for not picking Athena was that the cross-domain story isn't great. You can do cross-domain stuff with CNAME hacks, except then you don't get TLS, unless Twisted suddenly does SNI or you have a cert with ten gazillion alternative CNs.
There's no problem doing SNI with Twisted.
Right, you can do SNI (figuring out how is kind of non-trivial, presumably less so if you're the PyOpenSSL maintainer :)) and Twisted doesn't really help nor get in the way, sorry.
I think my actual issue (this was a while ago) with SNI wasn't the server side, it was terrible clients that don't understand SNI, particularly IE on WinXP.
Anyway, my point is that the cases where you Athena can't cut it are small, and it's probably good enough, which I guess has been made before in this thread ;)