On 23/10/17 19:37, Viktor Dukhovni wrote:
> Exim actually supports server-side SNI (mostly for port 587 I
> expect), perhaps Jeremy could comment on whether Exim users
> make real use of this to host multiple virtual TLS MX hosts
> for port 25, and would really not want to just consolidate on
> a s
I believe Google's MTAs are sending SNI. But the only time this would
matter would be for cases like
https://support.google.com/a/answer/2520500?hl=en, since ordinarily nobody
is validating identities on server-to-server SMTP.
Regarding arguments in favor of supporting SNI, Jim made the best attem
On Tue, Oct 24, 2017 at 12:10:57PM +0200, Daniel Margolis wrote:
>
> In short, I see neither strong arguments against SNI nor any particular
> reason to support it. I agree with Viktor that we can just require it (with
> Ivan's language) so as to move the spec forward and be future proof. That
> s
On Tue, Oct 24, 2017 at 12:09:07PM +, Daniel Margolis wrote:
> I think we talked about minimum TLS versions or acceptable cipher suites in
> the past and concluded they were more reasonable as a hypothetical v2
> feature.
>
> I share the fear that this would be an impediment to adoption and le
On 23 Oct 2017, at 21:13, Keith Moore wrote:
--
COMMENT:
--
Balloting "Yes" because I think this is a very welcome and important
update to
its antecedent do
> In this case the client knows _beforehand_ that it has enhanced security
> requirements.
This is the part I missed. In this case, limiting TLS parameters is just usual
TLS profiling.
Thanks for clarifying,
Andrei
___
Uta mailing list
Uta@ietf.org
h
>
> Regarding arguments in favor of supporting SNI, Jim made the best attempt
> in this thread to come up with a motivating use case, and I don't find it
> very compelling.
>
I don't know, I think people will find good uses for it if it becomes
available. For example, here's one: virtual SMTP prov
> On Oct 24, 2017, at 8:15 AM, Ilari Liusvaara wrote:
>
> One thing to be _very_ careful of is not to break SNI semantics. Which
> include "one name, which has to be correct".
Actually, it does not have to be correct. Postfix happily ignores
SNI and continues with the default certificate chai
> On Oct 24, 2017, at 1:54 PM, Ivan Ristic wrote:
>
> I don't know, I think people will find good uses for it if it becomes
> available. For example, here's one: virtual SMTP providers.
> One company maintains the core infrastructure, others build businesses
> that focus on branding, marketin
> On Oct 24, 2017, at 1:54 PM, Viktor Dukhovni wrote:
>
>> In fact, the specification has a note that
>> earlier drafts supported multiple names, but this was explicitly
>> dropped as not useful.
>
> Indeed only one hint can be sent, but it need to be an exact match.
Correction:
s/n
On Tue, Oct 24, 2017 at 7:04 PM, Viktor Dukhovni
wrote:
>
> > On Oct 24, 2017, at 1:54 PM, Ivan Ristic wrote:
> >
> > I don't know, I think people will find good uses for it if it becomes
> available. For example, here's one: virtual SMTP providers.
>
> > One company maintains the core infrastru
> On Oct 24, 2017, at 2:15 PM, Ivan Ristic wrote:
>
> No, it really is. If I am building a business on top of someone else's
> infrastructure, I don't want to build on top of something I don't control; in
> this case, their domain name. Thus, I don't want to give their MX servers to
> my cus
> On Oct 24, 2017, at 5:10 AM, Daniel Margolis wrote:
>
> Regarding arguments in favor of supporting SNI, Jim made the best attempt in
> this thread to come up with a motivating use case, and I don't find it very
> compelling. In his example (where two hosting providers merge
> infrastructure
On Tue, Oct 24, 2017 at 7:47 PM, Viktor Dukhovni
wrote:
>
>
> > On Oct 24, 2017, at 2:15 PM, Ivan Ristic wrote:
> >
> > No, it really is. If I am building a business on top of someone else's
> infrastructure, I don't want to build on top of something I don't control;
> in this case, their domain
> On Oct 24, 2017, at 2:48 PM, Jim Fenton wrote:
>
> Regarding a) above: I apparently missed this. Is there any other circumstance
> where the certificate presented is matched against anything other than the
> hostname?
>
> If we go forward with REQUIRETLS, this would require that it match a
> On Oct 24, 2017, at 2:57 PM, Ivan Ristic wrote:
>
> On Tue, Oct 24, 2017 at 7:47 PM, Viktor Dukhovni
> wrote:
>
>> An MTA is a far more heavy-weight infrastructure component than
>> a website. Sure you can start a Web business on someone else's
>> shared platform, but running email hosting
Viktor, you're now discussing the viability of the business model. But,
just because you wouldn't attempt it, it doesn't mean that others
wouldn't.
The point was that SNI makes this particular business model possible.
That's all. Is it possible that you will accept that one point so that we
can p
> On Oct 24, 2017, at 3:35 PM, Ivan Ristic wrote:
>
> Viktor, you're now discussing the viability of the business model. But, just
> because you wouldn't attempt it, it doesn't mean that others wouldn't.
I am discussing *plausible* requirements, not hypothetical ones.
> The point was that
On Oct 24, 2017, at 3:54 PM, Brandon Long wrote:
> Google's MTAs send SNI, and we have used it for inbound smtp to provide
> white label support for large GSuite customers. It was more important for
> MSA, but these customers all wanted that level of control at the MX level as
> well.
Thank
Alissa Cooper has entered the following ballot position for
draft-ietf-uta-email-deep-09: Yes
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://ww
Roni, thanks for your review. Keith, thanks for your responses. I have entered
a Yes ballot.
Alissa
> On Oct 22, 2017, at 8:43 AM, Roni Even wrote:
>
> Keith,
> Thanks for your clarifications
> I am OK with your response
> Roni
>
> From: Gen-art [mailto:gen-art-boun...@ietf.org] On Behalf Of
(inline)
Line 186
TLS, and to encourage a greater consistency for how TLS is used, this
specification now recommends use of Implicit TLS for POP, IMAP, SMTP
Submission, and all other protocols used between a Mail User Agent
Do you want to say RECOMMENDED?
Lower case "recommends" (n
Ben Campbell has entered the following ballot position for
draft-ietf-uta-email-deep-09: Yes
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www