> On Jan 26, 2019, at 12:40 PM, John R Levine <[email protected]> wrote:
>
> After reading all the discussion I posted an -02 which takes out all mention
> of ESNI. Here's why.
>
> More substantively, I would be surprised if any MTA ever implements ESNI
> because it makes no sense for mail. On the web, different hostnames lead to
> different web sites, and clients expect the name in the TLS cert to match the
> hostname in the request. In mail, we've never expected the name of the MTA
> to match the domain of the recipient, and it is quite normal for a million
> different domains to point their MXes at the same host with the same name,
> e.g. aspmx.l.google.com.
>
> If you don't want your SNI to give anything away, you just do what mail
> systems have done all along, use the same MX names for everyone. There's no
> problem for ESNI to solve and certainly no reason to go to the effort to put
> all the ESNI glop in the DNS.
Sure, works for me.
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta