Re: For the want of another IP ...
"SNI support starts around where TLS 1.0 was supported (FF2, IE7 et al). It's ancient technology and every browser you care about supports it."
Thank you for correcting my dyslectic moment. Taxpayers are users not browsers. The majority in some demographics are still using non-SNI compliant browsers (notably XP/IE8). It may be because they are old, it may be that they are poor or just deaf but they are amongst the people most in need of government services. "Get a new browser" is not useful and many wouldn't even know what you are talking about.
Which means, to be on the safe side, if you attempting to offer a universal service you should not rely on SNI. That means an IP for every HTTPS host and one less for everybody else. Downvoting me for pointing out this awkward fact won't make it disappear.
Biting the hand that feeds IT
