On Fri, Oct 11, 2019 at 02:17:16PM -0400, Viktor Dukhovni wrote:
> > that Gmail enabled SNI on their SMTP client is an indicator that using SNI
> > may not cause relevant trouble. But it's also known, Gmail is able to do
> > such stuff very selective to prevent damage.
>
> Indeed I am not presen
On Fri, Oct 11, 2019 at 08:02:32PM +0200, A. Schulze wrote:
> that Gmail enabled SNI on their SMTP client is an indicator that using SNI
> may not cause relevant trouble. But it's also known, Gmail is able to do
> such stuff very selective to prevent damage.
Indeed I am not presently able to rul
Am 11.10.19 um 18:10 schrieb Viktor Dukhovni:
> So likely at this point it is safe to conclude that sending SNI is
> unlikely to cause problems. Your mileage may vary.
Hi,
that Gmail enabled SNI on their SMTP client is an indicator that using SNI may
not cause relevant trouble.
But it's also
On Fri, Oct 11, 2019 at 11:32:50AM -0400, micah anderson wrote:
> > The concern is as stated, we don't know what remote MTAs will do if
> > they receive an unexpected SNI. You can try it I guess, and see
> > what happens.
>
> Indeed, this is why I was wondering how we could go about probing thes
Viktor Dukhovni writes:
>> On Oct 11, 2019, at 10:19 AM, micah anderson wrote:
>>
>> I am aware of that, but I'm not asking specifically how to implement
>> this, I'm more trying to find out what really is the concern here with
>> enabling this, and what we need to do to fix that.
>
> The conce
> On Oct 11, 2019, at 10:19 AM, micah anderson wrote:
>
> I am aware of that, but I'm not asking specifically how to implement
> this, I'm more trying to find out what really is the concern here with
> enabling this, and what we need to do to fix that.
The concern is as stated, we don't know wha
"A. Schulze" writes:
> micah anderson:
>
>> If we want to try and respect MTA-STS, when doing STARTTLS, the sender
>> needs to send the right information in the TLS SNI (Server Name
>> Inidication) extension. An MTA-STS-honoring SMTP client expects to
>> validate the X.509 certificate of the rece
micah anderson:
If we want to try and respect MTA-STS, when doing STARTTLS, the sender
needs to send the right information in the TLS SNI (Server Name
Inidication) extension. An MTA-STS-honoring SMTP client expects to
validate the X.509 certificate of the receiving MTA, but that MTA might
be k
If we want to try and respect MTA-STS, when doing STARTTLS, the sender
needs to send the right information in the TLS SNI (Server Name
Inidication) extension. An MTA-STS-honoring SMTP client expects to
validate the X.509 certificate of the receiving MTA, but that MTA might
be known by a dozen nam
