Am 07.11.2014 um 09:35 schrieb Michael Ströder:
Peter wrote:
It's pointless for MX hosts because they don't validate the certificate
anyways.
Which has to be changed
Google: DANE and Viktors recent response in that thread
don't require SNI
my god the reason for SNI is that with pure TLS the Host-Header from the
browser is inside the encrypted connection and that a webserver has
different docroots for different hostnames, SNI is the fixup to provide
the hostname before the handshake so that the webserver can choose the
matching certificate
in context of email it is *pointless* except very rare setups which i
would call a design error of the mail infrastructure
