> On Apr 17, 2018, at 4:37 PM, admin--- via Exim-dev <exim-dev@???> wrote:
>
> SNI for a DANE-advertising site has to be different than one that does not?
> Sheesh. Does that not implicitly require that _all_ clients be DANE-aware,
> or that _all_ DANE-advertising hosts be prepared to be hit with SNI from
> non-DANE-aware clients (and still do the right thing)?
>
> I think SNI just became useless.
A host with TLSA records should expect DANE clients to send the MX hostname
as the SNI name. Other clients might use other SNI names or none at all.
I don't see how SNI becomes useless. If you've got a matching cert, send
that, if not send a default cert.
--
Viktor.
