On 12/13/2015 11:55 AM, Dirk Stöcker wrote:
On Sat, 12 Dec 2015, Viktor Dukhovni wrote:

And SMTP has the big advantage that you can define the name of the host in
MX, so the name of the mail server can be independent from the domain of the
email address.

Simply wait a bit longer and maybe that issue solves itself :-)

Thanks for the moral support.  I agree that SNI is not particularly
compelling for port 25.  The strongest arguments for SNI that
I've seen are for port 587 submission, where there's no MX indirection and
users' MUAs have statically configured SMTP servers.

At least for Thunderbird and some open source mail software I got rid of
this issue as well by implementing the autoconfig procedure:
https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat
That's much more powerful than SNI alone. Parsing the postfix files it
gives each of my users the correct settings for all of their email
addresses.

Negative: If fully implemented it allows everybody to find the username
for a given mail address but I decided that's worth the additional
comfort. Usually guessing gives you the username not much slower (with
some uncertainty).

I tried also to implement the Microsoft variant but till now I do not
think the setup is really correct. :-)

Ciao

A big negative of Thunderbird autoconfig: it looks for http before https, resulting in a MITM vulnerability.

They say it is because hosting companies like GoDaddy don't want to have a TLS cert for every e-mail domain.

They should have a DNS TXT field like _moz_auto.domain.tld or something that points to the authoritative TLS autoconfig server but they don't want to do that.
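The two concerns raised in this thread, username disclosure by a "fully implemented" autoconfig server and the http-before-https lookup on the client, can both be shown in a few lines. The following is an added example and not code from any poster, from Postfix or from Mozilla. It assumes the element names and placeholders of the ConfigFileFormat wiki page linked above, a Postfix virtual(5)-style map as input, and a lookup URL layout (autoconfig.<domain>/mail/config-v1.1.xml and /.well-known/autoconfig/...) that I recall from that page and that should be checked against it.

```python
"""Server side: build config-v1.1.xml for one address from a virtual map,
either disclosing the real mailbox user or using the %EMAILADDRESS%
placeholder.  Client side: emit https-only lookup URLs and reject a fetched
config that would send credentials without TLS.  Added example; assumptions
are noted in the comments."""
import xml.etree.ElementTree as ET

# Constructed sample of a Postfix virtual(5)-style map: address -> mailbox user
VIRTUAL_MAP = """\
# address             mailbox user
alice@example.org     alice
bob@example.org       rbrown
"""


def parse_virtual_map(text):
    """Return {address: mailbox user}; blank and '#' lines are skipped."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, target = line.split(None, 1)
        mapping[address.lower()] = target.strip()
    return mapping


def build_config(domain, email, mapping, disclose_username=False):
    """Return config-v1.1.xml text for `email`.

    disclose_username=True answers with the mailbox user from the map, so
    anyone who can query the autoconfig URL can enumerate usernames.  The
    default returns the %EMAILADDRESS% placeholder (expanded by the MUA),
    so the server reveals nothing per address.  Hostnames imap./smtp. are
    assumed for the example."""
    if disclose_username:
        username = mapping.get(email.lower())
        if username is None:
            raise KeyError(f"unknown address {email}")
    else:
        username = "%EMAILADDRESS%"
    root = ET.Element("clientConfig", version="1.1")
    prov = ET.SubElement(root, "emailProvider", id=domain)
    ET.SubElement(prov, "domain").text = domain
    ET.SubElement(prov, "displayName").text = domain
    servers = (("incomingServer", "imap", f"imap.{domain}", "993", "SSL"),
               ("outgoingServer", "smtp", f"smtp.{domain}", "587", "STARTTLS"))
    for tag, stype, host, port, sock in servers:
        srv = ET.SubElement(prov, tag, type=stype)
        ET.SubElement(srv, "hostname").text = host
        ET.SubElement(srv, "port").text = port
        ET.SubElement(srv, "socketType").text = sock
        # PLAIN/LOGIN is fine only because the socket is TLS-protected
        ET.SubElement(srv, "authentication").text = "password-cleartext"
        ET.SubElement(srv, "username").text = username
    return ET.tostring(root, encoding="unicode")


def lookup_urls(domain, email):
    """Candidate autoconfig URLs a client should try, https only and in
    order.  Assumed layout (see lead-in); no plain-http fallback is emitted,
    which is the fix for the MITM problem described in the thread."""
    return [
        f"https://autoconfig.{domain}/mail/config-v1.1.xml?emailaddress={email}",
        f"https://{domain}/.well-known/autoconfig/mail/config-v1.1.xml",
    ]


def audit_config(xml_text):
    """Return reasons to reject a fetched config (empty list = accept).
    A config fetched over an unauthenticated channel could point the MUA at
    an unencrypted server; refusing such entries limits the damage."""
    findings = []
    root = ET.fromstring(xml_text)
    for srv in root.iter():
        if srv.tag not in ("incomingServer", "outgoingServer"):
            continue
        host = srv.findtext("hostname")
        sock = srv.findtext("socketType")
        auth = srv.findtext("authentication")
        if sock not in ("SSL", "STARTTLS"):
            findings.append(f"{host}: socketType {sock!r} gives no transport encryption")
        if auth == "password-cleartext" and sock not in ("SSL", "STARTTLS"):
            findings.append(f"{host}: cleartext password without TLS")
    return findings


if __name__ == "__main__":
    users = parse_virtual_map(VIRTUAL_MAP)
    print(build_config("example.org", "bob@example.org", users))
    print(lookup_urls("example.org", "bob@example.org"))
```

Running it prints a config that carries the placeholder rather than `rbrown`; passing `disclose_username=True` is the variant that trades username secrecy for convenience, as Dirk describes. `audit_config` is the client-side check: a config whose `socketType` is not SSL or STARTTLS is rejected regardless of which URL it came from.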
