Re: [exim] SNI and DANE TLSA record monitoring

Top Page
Delete this message
Reply to this message
Author: Felipe Gasper
Date:  
To: exim users
Subject: Re: [exim] SNI and DANE TLSA record monitoring

> On Oct 19, 2016, at 1:22 PM, Viktor Dukhovni <exim-users@???> wrote:
>
> I've
> yet to see a compelling reason for server-side SNI support. Do not
> go there, unless your back's against the wall...
>


Our reason went like this: many email clients will assume that “bob@???” uses either “foo.org” or “mail.foo.org” as a mail server.

When the only way to have working SSL is for the client to know about “shared49.somehost.where-is-this.com”, the client and server have to be smart enough to do autoconfig, or the user has to type that in manually. This makes for a worse user experience and increases support requests.

-FG