On Mon, Jul 15, 2013 at 03:38:31PM -0400, Ben Johnson wrote:

> > It's entirely reasonable if they want to be able to change email
> > provider without having to update all their clients.
>
> This is the strongest argument that I've seen for adding SNI support to
> Postfix. I hadn't even considered this. Maybe this is the basis for our
> customers' respective positions; I wish they had made it clearer to
> begin with.

There's a lot more to SNI support than having a server that can context-switch between multiple certificates. You need a provisioning system that allows clients to upload private keys and matching certificates on a self-service basis via suitably authorized administrator accounts. You need to send the administrators reminders about imminent certificate expiration, and alert your staff if they don't respond promptly, so they ultimately get phone calls when they don't act in a timely manner. The whole thing is a major PITA for very little gain.

> > Unfortunately there are not a lot of development cycles for adding
> > a decent SNI implementation to Postfix.

I have no time for this.

--
	Viktor.