Re: [exim-dev] TLS 1.3 *does not* mandate SNI.

Author: Viktor Dukhovni
Date:  
To: exim-dev
CC: Wietse Venema
Subject: Re: [exim-dev] TLS 1.3 *does not* mandate SNI.


> On Apr 17, 2018, at 7:09 PM, Phil Pennock <pdp@???> wrote:
>
> I agree the spec shows we can argue it's not required, but the spec also
> allows recipients to argue that it is required.
>
> This came up because, today, Google's servers are responding to TLS1.3
> connections which don't send SNI with a self-signed certificate which
> has DN:
>
> OU=No SNI provided; please fix your client., CN=invalid2.invalid
>
> So Google are telling sending systems that they're broken and need to be
> fixed. I saw that string in my MTA logs and went investigating.


Which Google servers are these? Are they MX hosts for some domains???
If so, I need to tell Google urgently to cease and desist; this is
wrong.

-- 
    Viktor.
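
Added example, not part of the original message and not Exim code: a small log check that flags deliveries where the peer presented the placeholder certificate quoted above, so an operator can see which hosts are rejecting SNI-less handshakes. The log line layout, the DN="..." field and the function names are assumptions made for illustration; only the placeholder DN string comes from the thread.

```python
import re

# An attribute starts at the beginning of the DN or after a comma, e.g. "OU=".
_ATTR = re.compile(r"(?:^|,\s*)([A-Za-z][A-Za-z0-9]*)=")

def parse_dn(dn):
    """Split a one-line DN into (attr, value) pairs; values may contain ';', '.' or ','."""
    marks = list(_ATTR.finditer(dn))
    pairs = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(dn)
        pairs.append((m.group(1).upper(), dn[m.end():end].strip()))
    return pairs

def is_no_sni_placeholder(dn):
    """True for a subject like the one quoted in the thread: an OU that mentions
    missing SNI, or a CN under the reserved .invalid TLD."""
    for attr, value in parse_dn(dn):
        if attr == "OU" and "no sni" in value.lower():
            return True
        if attr == "CN" and value.lower().rstrip(".").endswith(".invalid"):
            return True
    return False

def flag_log_lines(lines):
    """Return (line_number, dn) for each line whose DN="..." field is a placeholder."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = re.search(r'DN="([^"]*)"', line)
        if m and is_no_sni_placeholder(m.group(1)):
            hits.append((n, m.group(1)))
    return hits

# Constructed sample lines; host names and field layout are hypothetical.
SAMPLE = [
    'delivery host=mx.example.net tls=TLS1.3 DN="CN=mx.example.net"',
    'delivery host=mx.example.org tls=TLS1.3 '
    'DN="OU=No SNI provided; please fix your client., CN=invalid2.invalid"',
    'delivery host=mail.example.com tls=TLS1.2 DN="O=Example, Inc, CN=mail.example.com"',
]

if __name__ == "__main__":
    for n, dn in flag_log_lines(SAMPLE):
        print(f"line {n}: peer sent no-SNI placeholder certificate: {dn}")
```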