On 2022 Feb 25, at 08:55, Viktor Dukhovni <[email protected]> wrote:
> The moment TLS enters into the picture, you start to need much more
> complicated certificate management to get MUAs to see an acceptable
> certificate for its expected name on ports 587 and 465,
Ah. Hmm. That does sound like a bit of a problem.
What sort of complicated certificate management?
(The reason to do this is to make the move over seamless for the user of that
domain, and that is how their previous host had the mail setup. Duplicating the
setup means I do not have to go in and change the mail servers on every client
computer, phone, and tablet, so this is desirable. But secure submission is
required by the server at all times, so if that gets messed up, I've gained
nothing.)
--
'Never trust a ruler who puts his faith in tunnels and bunkers and
escape routes. The chances are that his heart isn't in the job.'