On 2015-12-15 15:48, wie...@porcupine.org wrote:
Wietse:
This session has multiple recipients, in different domains that
have the same MX host. Whose SNI [domain] shall be used?
Michael Storz:
[Examples that do not use SNI]
Nice try, but that did not answer the question.
On the other side: if you do not want to use SNI
I have no problems with SNI in SMTP.
Please answer a simple question: when one SMTP transaction has
recipients in different domains, which SNI domain name shall be
used?
I can come up with lots of answers, ranging from one extreme (don't
send multiple recipients per transaction) to using the name in the
MX record.
Make your choice.
Wietse
Sorry for not writing it explicitly. In the case I described, you use
the domain of the recipient address, because this is the only
information you can trust (and this domain must be included in the SAN).
Since you have more than one recipient domain in the described case, you
must use more than one TLS connection to use the recipient domain for
SNI. You cannot use the MX record because you cannot trust it (I wrote:
it is not secured by DNSSEC).
Michael
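
Added example, not part of the thread and not Postfix code: a Python sketch of the two delivery plans discussed above, one session per MX host versus one TLS session per recipient domain, with the recipient domain as the SNI name and as the name required in the certificate's SAN. The domains, the static MX table and the function names are constructed for illustration.

```python
from collections import OrderedDict

# Constructed sample data: two recipient domains that share one MX host.
MX = {"example.org": "mx.hoster.example", "example.net": "mx.hoster.example"}

def rcpt_domain(rcpt):
    """Domain part of a recipient address, lower-cased."""
    return rcpt.rsplit("@", 1)[1].lower()

def plan_by_mx(recipients, mx=MX):
    """One session per MX host. Recipients in several domains end up in the
    same session, so no single SNI name matches all of them."""
    plan = OrderedDict()
    for rcpt in recipients:
        plan.setdefault(mx[rcpt_domain(rcpt)], []).append(rcpt)
    return plan

def plan_by_recipient_domain(recipients, mx=MX):
    """One TLS session per recipient domain. The MX name is only used to find
    the host to connect to; the SNI name is the recipient domain."""
    plan = OrderedDict()
    for rcpt in recipients:
        domain = rcpt_domain(rcpt)
        entry = plan.setdefault(
            domain, {"connect_to": mx[domain], "sni": domain, "rcpts": []})
        entry["rcpts"].append(rcpt)
    return list(plan.values())

def san_covers(cert, domain):
    """True if the certificate's SAN lists the recipient domain.
    cert has the dict form returned by ssl.SSLSocket.getpeercert()."""
    domain = domain.lower()
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == domain:
            return True
        # A wildcard covers exactly one left-most label.
        if name.startswith("*.") and "." in domain \
                and domain.split(".", 1)[1] == name[2:]:
            return True
    return False
```

With Python's `ssl` module, passing the recipient domain as `server_hostname` to `SSLContext.wrap_socket` sends it as the SNI name and, when `check_hostname` is enabled, checks the certificate against that same name.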