I think the very question is: it's possible to use srv and let's encrypted certificate? and if yes how with prosody?
2016-07-19 16:06 GMT+02:00 Sam Whited <[email protected]>: > On Tue, Jul 19, 2016 at 4:53 AM, Simon Josefsson <[email protected]> > wrote: > > I wonder if people really care about this usage any more -- it does not > > scale well (all domains have to be encoded in the same cert => big > > certs) and introduces an indirection which often leaves room for > > attackers > > I don't understand what problem you're solving by doing this. As you > said, it's just going to make the certs bigger and overcomplicates > things. Using the common name works fine and, for better or for worse, > is just about the only thing supported by any of the cheap or free > cert providers these days. > > Just because it's in the RFC doesn't necessarily make it a best > practice, and I think in this case you're just making more issues and > work for yourself for no benefit. > > —Sam > > > > -- > Sam Whited > pub 4096R/54083AE104EA7AD3 > -- = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Thomas Camaran N° Cellulare: +39 393 8352896 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Questo messaggio e i suoi allegati sono indirizzati esclusivamente ai destinatari. Qualsiasi suo utilizzo, comunicazione o diffusione non autorizzata sono rigorosamente vietate. Qualora il presente messaggio Le fosse pervenuto per errore, Le saremmo grati se ne distruggesse ogni copia e comunicasse al mittente l'errata ricezione. [email protected] = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
