If there's no SRV-ID, you don't need SNI since all 100,000 domains point at
the same server name.

Yes, but then they can't be verified automatically by MUAs, so each of them
would need to be approved manually by users.

Aren't we back to RFC 6186? If the MUA developers are going to open up
the code to add new checks for the server's certificate, why not also add
checks for the appropriate SRV records? I realize that not everyone does
DNSSEC, but the SRV check will be a lot more effective than yet another
baffling warning that ends with "check OK if you ever want to see your
mail again".

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.