On 05/08/2016 04:51, Viktor Dukhovni wrote:
> On Fri, Aug 05, 2016 at 04:33:25AM +0200, Jakob Bohm wrote:
>
>> I haven't read that proposal, but if the HTTPS server has to use the
>> same host name as the SMTPS server, then the SMTPS server could just
>> use the certificate directly.
> There is at best a very tenuous analogy between TLS for HTTP and TLS
> for SMTP. So your suggestions miss the mark, unfortunately. :-(
>
> First and foremost TLS in SMTP is opportunistic, and compounding
> that the destination hosts are discovered indirectly via MX records.
> For a more detailed exposition, see:

Hence my other suggestions about how to incorporate rules based
on the RCPT TO domain name matching if that is what said proposal
is doing (from what you wrote previously, it couldn't safely
connect to any random https server mentioned in an unsigned TXT
record).

> https://tools.ietf.org/html/rfc7672#section-1.3
>
> [ Or just take my word for it, you are likely busy enough with
> other things that I know very little about. ]
>

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded