On 07 Nov 2014, at 07:28, Peter <pe...@pajamian.dhs.org> wrote: >> and it is smart do it that way >> >> other than for webservers you have not different contents for different >> hostnames but mandatory user authentication - so why waste time and >> money dealing with different hostnames and certificates? > > I understand where you're coming from, it is a purely cosmetic > difference which affects one setting in a user's email client, but that > one setting is rather important to a lot of people.
In my experience, the user sets it once, and then completely forgets about it. And if it is that important to them, why not pay extra for it? Oh, wait, do you mean it costs extra? Never mind, then, not so important anymore ;-) I reckon that if you could get reliable data beyond 'a lot of people', it'd be a very small group that would insist on it. Anyway, do you have an example of a legitimate need for SNI, one that cannot be addressed by using a multi-domain certificate, adding extra IP addresses and splitting it that way, or using Victor's port example? Mvg, Joni -- P.S.: Running alternate configurations on non-standard ports is actually suboptimal, given how many clients autodetect the port to use, these days. But that brings us back to the other two options.
