Viktor Dukhovni:
> On Fri, Nov 07, 2014 at 09:36:12AM +0100, Michael Str?der wrote:
>
> > [email protected] wrote:
> > > until now nobody was able to tell me any benefit of multiple server names
> > > for
> > > a mailserver instead 1 hostname, 1 certificate and 1 PTR matching the
> > > A-record
> > > and HELO name with 100, 200, 300, 500 MX records in different domains
> > > pointing
> > > there
> >
> > https://tools.ietf.org/html/draft-melnikov-email-tls-certs
>
> That draft is about MUA to MTA SMTP (email "applications": MUAs, POP,
> IMAP, SMTP submission, ...). It is not a good fit for MTA
> to MTA SMTP security. For the latter see the DANE draft.
I thought that the discussion about SNI Postfix support was concerned
with MUA-to-MTA communication (avoiding pop-ups abiut cerficicate
mis-matches etc.). So let's not pollute the discussion with perceived
shortcomings of OpenSSL for other scenarios.
If real people have a need for SNI, what right do we have to tell
them to fuck off because they live in an imperfect world?
Wietse
