> On Oct 18, 2017, at 3:29 PM, Daniel Margolis <dmargo...@google.com> wrote:
>
> Viktor, wearing your MTA-developer hat, any objections to requiring the MTA
> to always send SNI? I don't know what common MTAs do about sending SNI.

At present, Postfix always sends SNI when doing DANE and never otherwise. The STS logic could be the same.

Mind you, SNI does introduce a privacy leak, since SNI is sent in the clear. So one could take the view that the need for this is slim, and that the motivating use-case is not compelling. Or one could support virtual-hosted "vanity" aliases for MX hosts.

Given DNS indirection from the domain to the MX hosts, the case for virtual-hosting with alternate chains is much weaker in SMTP.

So I am reluctant to recommend SNI support for STS, but also not saying that it should not be supported. I'd like to see the WG consider the pros and cons and choose accordingly. I'm fine with either outcome.

--
Viktor.

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta