Re: [exim] MTA-STS and Server Name Indication (SNI) on mail …

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Felipe Gasper
Fecha:  
A: exim users
Cc: Viktor Dukhovni
Asunto: Re: [exim] MTA-STS and Server Name Indication (SNI) on mail servers

> On Jun 17, 2020, at 8:17 PM, Viktor Dukhovni via Exim-users <exim-users@???> wrote:
>
> However, its use is recommended:
>
>    https://tools.ietf.org/html/rfc8446#section-4.4.2.2

>
>    -  The "server_name" [RFC6066] and "certificate_authorities"
>       extensions are used to guide certificate selection.  As servers
>       MAY require the presence of the "server_name" extension, clients
>       SHOULD send this extension, when applicable.


The recommendation is contextual to cases “when applicable”. This is significant because in applications where the server ignores the extension it’s arguably counterproductive to send it since it discloses the hostname that the client intends to hit. Thus it seems that if the server ignores the extension, it’s better NOT to send it--at least until encrypted SNI becomes practical.

-FG