Re: [exim-dev] [Bug 2594] CNAME handling can break TLS certi…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MViktor Dukhovni at <-
Madmin at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 2594] CNAME handling can break TLS certificate verification
On 09/06/2020 18:33, Viktor Dukhovni via Exim-dev wrote:
> Perhaps so, but in the context of everything else in RFC6125, and the
> specs for other protocols, ... it is fairly clear (to me anyway) that
> the intent is to match the SMTP server name prior to CNAME expansion,
> just like the HTTP/IMAP/... cases.

Given that HTTP/IMAP don't do MX lookups, the argument-by-analogy
is dubious.
You could as easily use it to justify the first of my three options.

I'm not saying I think you've chosen then wrong thing, only that
the lawyering is weak.
--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-[exim-dev] [Bug 2596] Changing the default value for the hosts_noproxy_tls option breaks the use of smtp authorization[exim-dev] [Bug 2597] New: LDAP lookup in smtp_accept_max_per_host does not close file descriptor->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)