>The downside that vanilla HTTPS libraries in their default validate >and retrieve mode can will no longer work without custom overrides >for certificate validation. I've seen that done incorrectly in >many creative ways, ...
If history is a guide, the number of implementations of whatever hack we do will be a dozen or two, while with any luck it'll be rolled out across tens of thousands of domains or more. So, apparently, the programmers who work on mail servers are so incompetent and it would be so hard to get those few implementations debugged, that it's easier to tell those thousands of domains that they all have to reserve a fixed name and hope it doesn't collide? I've seen my share of incompetent programming (I used to teach undergrads), but really, now. R's, John _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
