[jdev] virtual hosting and certificate checking

[JD Conley]

> address. Naturally we'll need to clarify this in rfc3920bis, but my
> question now is: how do existing clients and servers handle this?

We do this on the server side with a separate cert for each domain --
even conference, users, and other sub-domains used in s2s. Some client
software packages present a warning when certificates aren't correct
(domain mismatch, etc) but many do not and just use the certificates for
encryption, not authentication.

-JD Conley