Re: [exim] SNI and DANE TLSA record monitoring

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M\MViktor Dukhovni at <-
MMMViktor Dukhovni at ->
Delete this message
Reply to this message
Author: Felipe Gasper
Date:  
To: exim users
Subject: Re: [exim] SNI and DANE TLSA record monitoring

> On Oct 19, 2016, at 1:22 PM, Viktor Dukhovni <exim-users@???> wrote:
>
> I've
> yet to see a compelling reason for server-side SNI support. Do not
> go there, unless your back's against the wall...
>

Our reason went like this: many email clients will assume that “bob@???” uses either “foo.org” or “mail.foo.org” as a mail server.

When the only way to have working SSL is for the client to know about “shared49.somehost.where-is-this.com”, the client and server have to be smart enough to do autoconfig, or the user has to type that in manually. This makes for a worse user experience and increases support requests.

-FG
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] SNI and DANE TLSA record monitoringRe: [exim] SNI and DANE TLSA record monitoring->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)