Re: [exim] MTA-STS and Server Name Indication (SNI) on mail …

Author: Felipe Gasper
Date:  
To: exim users
CC: Viktor Dukhovni
Subject: Re: [exim] MTA-STS and Server Name Indication (SNI) on mail servers

> On Jun 17, 2020, at 8:17 PM, Viktor Dukhovni via Exim-users <exim-users@???> wrote:
>
> However, its use is recommended:
>
>    https://tools.ietf.org/html/rfc8446#section-4.4.2.2
>
>    -  The "server_name" [RFC6066] and "certificate_authorities"
>       extensions are used to guide certificate selection.  As servers
>       MAY require the presence of the "server_name" extension, clients
>       SHOULD send this extension, when applicable.


The recommendation is contextual to cases “when applicable”. This is significant because in applications where the server ignores the extension it’s arguably counterproductive to send it since it discloses the hostname that the client intends to hit. Thus it seems that if the server ignores the extension, it’s better NOT to send it--at least until encrypted SNI becomes practical.

-FG