Re: [exim] SNI and DANE TLSA record monitoring

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Felipe Gasper
Data:  
Para: exim users
Assunto: Re: [exim] SNI and DANE TLSA record monitoring

> On Oct 19, 2016, at 1:22 PM, Viktor Dukhovni <exim-users@???> wrote:
>
> I've
> yet to see a compelling reason for server-side SNI support. Do not
> go there, unless your back's against the wall...
>


Our reason went like this: many email clients will assume that “bob@???” uses either “foo.org” or “mail.foo.org” as a mail server.

When the only way to have working SSL is for the client to know about “shared49.somehost.where-is-this.com”, the client and server have to be smart enough to do autoconfig, or the user has to type that in manually. This makes for a worse user experience and increases support requests.

-FG