On Tue, Dec 15, 2015 at 10:12:56AM +0100, Michael Ströder wrote:
> SNI is a prerequisite for implementing something like [1] if a host is MX for
> more than one recipient domain.
>
> [1] https://tools.ietf.org/html/draft-friedl-uta-smtp-mta-certs
I'll likely end up a coauthor on that draft one day. And no, it
does not (or will not) need SNI. The main motivation for that
draft was IIRC some early interop issues for mandatory TLS between
Cisco Ironport and Microsoft's outlook.com email hosting service.
SNI does not scale to outlook.com. See recent IETF Last-Call
discussion of draft-ietf-uta-email-certs.
--
Viktor.
