Re: [exim] MTA-STS and Server Name Indication (SNI) on mail …

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Felipe Gasper
Ημερομηνία:  
Προς: exim users
Υ/ο: Viktor Dukhovni
Αντικείμενο: Re: [exim] MTA-STS and Server Name Indication (SNI) on mail servers

> On Jun 17, 2020, at 8:17 PM, Viktor Dukhovni via Exim-users <exim-users@???> wrote:
>
> However, its use is recommended:
>
>    https://tools.ietf.org/html/rfc8446#section-4.4.2.2

>
>    -  The "server_name" [RFC6066] and "certificate_authorities"
>       extensions are used to guide certificate selection.  As servers
>       MAY require the presence of the "server_name" extension, clients
>       SHOULD send this extension, when applicable.


The recommendation is contextual to cases “when applicable”. This is significant because in applications where the server ignores the extension it’s arguably counterproductive to send it since it discloses the hostname that the client intends to hit. Thus it seems that if the server ignores the extension, it’s better NOT to send it--at least until encrypted SNI becomes practical.

-FG