Re: [exim] SNI and DANE TLSA record monitoring

Top Page
This message is part of the following thread:
M--+\the complete thread tree sorted by date
M-\MMJan Ingvoldstad at <-
M\M.MJeremy Harris at ->
Delete this message
Reply to this message
Author: Felipe Gasper
Date:  
To: Jan Ingvoldstad
CC: exim users
Subject: Re: [exim] SNI and DANE TLSA record monitoring

> On Oct 19, 2016, at 9:13 AM, Jan Ingvoldstad <frettled@???> wrote:
>
>> I’d be fine with some facility to configure by-domain configs, logs, or
>> what not in tandem with the certificate. Just as long as it’s still simple
>> and easy to determine the certificate by the DOMAIN, not by served content.
>>
>>
> Well, SMTP doesn't "serve content" per se, so I don't really get that
> objection.

Depends on your conception of “serve content”. Insofar as we might consider “content” as the entire application (matrix of inputs/outputs), Exim/SMTP does indeed “serve content”. Anyway, semantics.

>
> What I think, is that which certificate gets served, should be fully
> configurable based on the information available at the time you need to
> serve the certificate. That's not a lot of information. :)

Furious agreement. :)

-FG
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] SNI and DANE TLSA record monitoringRe: [exim] SNI and DANE TLSA record monitoring->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)