> On Apr 18, 2018, at 11:54 AM, Daniel Margolis wrote:
>
> How is it counter-intuitive? TLS 1.3 requires SNI, no?
No, TLS 1.3 *does not* require SNI. SNI is mandatory to implement, but NOT
mandatory to use:
https://tools.ietf.org/html/draft-ietf-tls-tls13-28#section-4.4.2.2
- The "se
On Wed, Apr 18, 2018 at 03:54:14PM +, Daniel Margolis wrote:
>
> How is it counter-intuitive? TLS 1.3 requires SNI, no?
No, it does not.
- The server MAY require SNI.
- The client SHOULD send SNI.
- If the server requires SNI and client does not send one,
the server SHOULD send missing_ex
> On Apr 18, 2018, at 11:18 AM, Daniel Margolis wrote:
>
> Thanks. I think this is consistent with what was added here:
> https://github.com/mrisher/smtp-sts/blob/master/mta-sts.txt#L633. If not, let
> me know.
Looks largely fine to me. I am not fond of the HTTP-specific dictum:
HTTP se
Thanks. I think this is consistent with what was added here:
https://github.com/mrisher/smtp-sts/blob/master/mta-sts.txt#L633. If not,
let me know.
Thanks again.
On Fri, Mar 23, 2018 at 12:38 AM Viktor Dukhovni
wrote:
>
>
> > On Mar 22, 2018, at 4:17 PM, Daniel Kahn Gillmor
> wrote:
> >
> >>
>
> On Mar 22, 2018, at 4:17 PM, Daniel Kahn Gillmor
> wrote:
>
>>
>> [...] The
>> server MAY rely on SNI to determine which certificate chain to
>> present to the client. Clients that don't send SNI information may
>> not see the expected certificate chain.
>>
>> If the server's TL
On Thu 2018-03-22 14:49:18 -0400, Viktor Dukhovni wrote:
> https://tools.ietf.org/html/rfc7672#section-8.1
>
>
>[...] The
>server MAY rely on SNI to determine which certificate chain to
>present to the client. Clients that don't send SNI information may
>not see the expected certif
https://tools.ietf.org/html/rfc7672#section-8.1
[...] The
server MAY rely on SNI to determine which certificate chain to
present to the client. Clients that don't send SNI information may
not see the expected certificate chain.
If the server's TLSA records match the server's def