Author: Bill Hacker Date: To: exim-users Subject: Re: [exim] Setup for authenticated submission
Jakob Hirsch wrote:
> Kjetil Torgrim Homme wrote:
>
>>design of Internet protocols. LDAP, IMAP, SMTP, etc. etc -- it all
>>starts unencrypted and negotiates afterwards.
>
> Err, there's a $1s counterpart for every protocol you listed, and there
> are pop3s, imaps, nntps, https (which has no STARTTLS, TTBOMK).
ACK.
But in a manner of speaking an https (variant) can have comparable
behaviour.
ISTR that 'modern' http has a provision for specifying 'en clair' which
of several possible domains it seeks on a given IP, such that the server
can (among other things) offer up a matching cert - otherwise
historically a PITA for multi-domain servers on one IP.
'Old' AOLServer 'clusters' also did something similar via effectively
transparently routing a single external IP to multiple backend AOLServers
over unix sockets, & Squid *might* be able to do something similar if
breathed on heavily. Likewise Exim ...
Details escape me, as implementation was/is rare, and it goes against
the 'standards' vs simpler use of 'wildcard' or multi-domain certs ;-)