Quoting li...@rhsoft.net:

On 07.11.2014 at 09:35, Michael Ströder wrote:
Peter wrote:
It's pointless for MX hosts because they don't validate the certificate
anyways.

Which has to be changed

Google: DANE and Viktor's recent response in that thread

don't require SNI

my god the reason for SNI is that with pure TLS the Host-Header from the browser is inside the encrypted connection and that a webserver has different docroots for different hostnames, SNI is the fixup to provide the hostname before the handshake so that the webserver can choose the matching certificate

in context of email it is *pointless* except very rare setups which i would call a design error of the mail infrastructure

+1

It is always bad to add more complexity to a security technology for cosmetic reasons. SNI is an HTTPS thing and should stay there.

Regards

Andreas

