> It's true that this is a backward compatibility problem
> in that STARTTLS as currently defined doesn't actually contain
> the domain name. As I indicated before, I consider this to
> be a design error. There wouldn't have been a compatibility
> problem if the domain name had been included in STARTTLS from
> the beginning.

Not clear. SMTP can relay a single copy of a message to multiple recipients at multiple domains. Your suggestion would force a separate TLS session, or a separate SMTP session, for every distinct recipient domain.

Keith

--
"Of course the people don't want war. But ... it is always a simple matter to drag the people along. All you have to do is tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger... It works the same way in any country." - Hermann Goering, 1947.
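To make the relaying argument concrete, here is an added illustration (not part of the thread, and not anyone's mail software) that models how an SMTP relay batches one message copy per next-hop MX host today, versus what happens if every TLS session is bound to a single recipient domain. The MX table, host names and recipient addresses are constructed for the example; `mx_for`, `plan_delivery` and `session_counts` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed toy MX table: two domains share one hosting provider's MX host,
# a third domain has its own. Hosts are placeholders, not real mail servers.
MX_TABLE = {
    "example.com": "mx.hosting.example",
    "example.org": "mx.hosting.example",
    "example.net": "mx.other.example",
}


def mx_for(domain):
    """Resolve a recipient domain to its next-hop MX host (toy lookup)."""
    return MX_TABLE[domain]


def plan_delivery(recipients, mx_lookup=mx_for, domain_bound_tls=False):
    """Group recipients into the SMTP/TLS sessions a relay would open.

    Today a relay keys sessions on the next-hop host only, so recipients at
    different domains served by the same MX host ride in one session and
    receive one copy of the message (RCPT TO repeated, DATA sent once).

    With domain_bound_tls=True the session is also keyed on the recipient
    domain, modelling a STARTTLS that carries the domain name: recipients at
    different domains can no longer share a session even on the same host.
    """
    sessions = defaultdict(list)
    for rcpt in recipients:
        _local, _, domain = rcpt.rpartition("@")
        host = mx_lookup(domain)
        key = (host, domain) if domain_bound_tls else (host,)
        sessions[key].append(rcpt)
    return dict(sessions)


def session_counts(recipients, mx_lookup=mx_for):
    """Return (sessions today, sessions with domain-bound TLS) for a recipient list."""
    today = plan_delivery(recipients, mx_lookup, domain_bound_tls=False)
    bound = plan_delivery(recipients, mx_lookup, domain_bound_tls=True)
    return len(today), len(bound)


if __name__ == "__main__":
    # Constructed recipient list spanning three domains on two MX hosts.
    rcpts = ["a@example.com", "b@example.com", "c@example.org", "d@example.net"]
    for bound in (False, True):
        plan = plan_delivery(rcpts, domain_bound_tls=bound)
        print("domain-bound TLS" if bound else "current SMTP", "->", len(plan), "session(s)")
        for key, members in plan.items():
            print("  ", key, members)
```

Running the block prints two sessions for the current model (one copy to each MX host) and three for the domain-bound model, because the two domains hosted on `mx.hosting.example` must now be delivered over separate sessions even though they share a next hop.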