IETF Logo Mail Archive

Re: [Uta] MTA-STS-03 review

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 30 March 2017 14:16 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31299124BE8 for <uta@ietfa.amsl.com>; Thu, 30 Mar 2017 07:16:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kq1h19FmqEzi for <uta@ietfa.amsl.com>; Thu, 30 Mar 2017 07:16:10 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72704126C26 for <uta@ietf.org>; Thu, 30 Mar 2017 07:16:10 -0700 (PDT)
Received: from vpro.lan (cpe-74-71-8-253.nyc.res.rr.com [74.71.8.253]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id 598DD7A32F1 for <uta@ietf.org>; Thu, 30 Mar 2017 14:16:09 +0000 (UTC) (envelope-from ietf-dane@dukhovni.org)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <20170330105556.GR11426@blitiri.com.ar>
Date: Thu, 30 Mar 2017 10:16:08 -0400
Content-Transfer-Encoding: quoted-printable
Reply-To: uta@ietf.org
Message-Id: <930AE500-DBD5-4AE1-B767-8E8B0CEA6044@dukhovni.org>
References: <4C0807DA-4852-4DAC-80ED-8A25371CFFAA@dukhovni.org> <CANtKdUfOZYSr_SuGHdDHHgrF8J5VjEWwVw_7KC2xS5DrCKhu-w@mail.gmail.com> <20170326205218.GN11426@blitiri.com.ar> <92500952-2A50-4508-8686-03CDBF72485D@dukhovni.org> <CANtKdUfL+RT05KSqj5i4YeoRa=gHywNosou2VPF6acPDpRhG0g@mail.gmail.com> <20170330105556.GR11426@blitiri.com.ar>
To: uta@ietf.org
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/fDF2FSKJcBAoajuUkZ2iuFHIGbs>
Subject: Re: [Uta] MTA-STS-03 review
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2017 14:16:12 -0000

> On Mar 30, 2017, at 6:55 AM, Alberto Bertogli <albertito@blitiri.com.ar> wrote:
> 
> For example, how does this interact with SNI? e.g what name would the
> client pick to give to the server in the TLS negotiation?

Always the MX hostname.  The server is however free to return its
default certificate.  While SNI makes some sense for multi-tenant
submission servers, it is of little use in MX hosting, where the
simplest hosting approach is to use the same MX hostname in the
MX records of all the tenant domains.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email