On Wed, Oct 18, 2017 at 8:39 PM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
> > On Oct 18, 2017, at 3:29 PM, Daniel Margolis <dmargo...@google.com> wrote:
> >
> > Viktor, wearing your MTA-developer hat, any objections to requiring the
> > MTA to always send SNI? I don't know what common MTAs do about sending SNI.
>
> At present, Postfix always sends SNI when doing DANE and never otherwise.
> The STS logic could be the same. Mind you, SNI does introduce a privacy
> leak, since SNI is sent in the clear.

Not in practice. If you're not using vanity MX, it's obvious where the email is going. Without SNI, if you want vanity MX you'll need a separate IP address, so it's again going to be obvious from a network observer perspective.

> So one could take the view that
> the need for this is slim, and that the motivating use-case is not
> compelling. Or one could support virtual-hosted "vanity" aliases for
> MX hosts. Given DNS indirection from the domain to the MX hosts, the
> case for virtual-hosting with alternate chains is much weaker in SMTP.
>
> So I am reluctant to recommend SNI support for STS, but also not saying
> that it should not be supported. I'd like to see the WG consider the
> pros and cons and choose accordingly.
>
> I'm fine with either outcome.
>
> --
> Viktor.
>
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta

--
Ivan
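The point both sides of the thread take for granted is that SNI travels in the cleartext ClientHello, so a passive observer on the path sees the MX hostname the sending MTA asked for. The following script, added here as an illustration and not part of the thread or of Postfix, makes that concrete: it uses Python's ssl module with memory BIOs to produce the exact ClientHello an OpenSSL-based client would put on the wire (offline, no network), then parses the record the way a network monitor would and pulls out the server_name extension. The hostname mx1.example.net is a constructed value; with server_hostname=None the client sends no SNI extension and the parser reports None, which is the "Postfix without DANE" behaviour Viktor describes.

```python
import ssl
import struct


def client_hello_bytes(server_hostname):
    """Return the raw TLS ClientHello a client would send for this SNI.

    The handshake is driven against in-memory BIOs, so no socket is opened.
    Passing None mirrors an MTA that connects without sending SNI.
    """
    ctx = ssl.create_default_context()
    if server_hostname is None:
        # check_hostname requires a server_hostname, so disable it for the no-SNI case
        ctx.check_hostname = False
    incoming = ssl.MemoryBIO()   # bytes "from the server" (never filled here)
    outgoing = ssl.MemoryBIO()   # bytes the client wants to send
    sslobj = ctx.wrap_bio(incoming, outgoing, server_side=False,
                          server_hostname=server_hostname)
    try:
        sslobj.do_handshake()
    except ssl.SSLWantReadError:
        # Expected: the client wrote its ClientHello and now waits for the server
        pass
    return outgoing.read()


def extract_sni(client_hello):
    """Parse a TLS handshake record and return the SNI host_name, or None.

    This is what a passive observer can read without any keys: the record
    header, the ClientHello body and its extension list are all unencrypted.
    """
    if len(client_hello) < 5 or client_hello[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", client_hello[3:5])[0]
    body = client_hello[5:5 + rec_len]
    if not body or body[0] != 0x01:
        raise ValueError("not a ClientHello")

    pos = 4                      # handshake type (1) + 3-byte length
    pos += 2 + 32                # client_version + 32-byte random
    sid_len = body[pos]
    pos += 1 + sid_len           # legacy session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len            # cipher suites
    comp_len = body[pos]
    pos += 1 + comp_len          # compression methods
    if pos + 2 > len(body):
        return None              # no extensions block at all
    ext_total = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total

    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + ext_len]
        pos += ext_len
        if ext_type != 0x0000:   # 0 = server_name
            continue
        list_len = struct.unpack("!H", data[0:2])[0]
        lpos = 2
        while lpos + 3 <= 2 + list_len:
            name_type = data[lpos]
            name_len = struct.unpack("!H", data[lpos + 1:lpos + 3])[0]
            lpos += 3
            name = data[lpos:lpos + name_len]
            lpos += name_len
            if name_type == 0:   # host_name
                return name.decode("ascii")
    return None


if __name__ == "__main__":
    # Constructed MX hostname; nothing is sent anywhere.
    for sni in ("mx1.example.net", None):
        hello = client_hello_bytes(sni)
        print("requested SNI:", sni, "-> observer sees:", extract_sni(hello))
```

Run it and the observer column matches the requested name exactly in the first case and is empty in the second; the only thing protecting the destination in the no-SNI case is, as Ivan notes, the fact that the MX IP address already gives it away unless the host is a shared vanity MX.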