On 02/12/2015 15:17, John Levine wrote:
>> 1) use Server Name Indication TLS extension. At the moment none of the
>> email specs requires it. But maybe it is something that the draft should
>> encourage.
>> 2) run each domain on its own IP/port, then each IP/port can use
>> separate certificate with a single domain.
>
> Given that there are mail services with tens of thousands of domains
> on the same set of servers, and probably at least one mail service
> with 100,000 domains, this really doesn't scale.

Yes, I can add a note about this. Also recommending use of SNI (case 1)
might be a good idea.

> From previous messages, I understand that both publishing and checking
> SRV-ID are entirely optional. It would be nice to adjust the draft to
> make that clear.

Ack, I will add some text along what we've discussed.
_______________________________________________
Uta mailing list
https://www.ietf.org/mailman/listinfo/uta