In article <[email protected]> you write:
>>Also, keep in mind that Comcast implements DANE, and you're now
>>serving a different certificate, that does not match the TLSA
>>record, then all the pieces fit together...

That was it.  I got acme.sh to reissue the certs so that all the certs
on the same IP have the same key and hence the same TLSA.  Now
Comcast's mail is happy.

Today's question: I would like to log the SNI in the Received header.
Where should I put it?  

One possibility would be to use the SNI name as the by-domain in the BY
clause, but that makes it hard to tell that the name came from SNI
rather than by default.  I suppose I could put it in a comment but
that's ugly.  In retrospect, RFC 8461 should have added an SNI clause
to Received, like RFC 8314 added tls and group clauses.

Any suggestions?

R's,
John

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
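
The fix described in the message (one key for every certificate on the IP, hence one TLSA) can be checked with the sketch below. It is an added example, not part of the original post or of acme.sh. It assumes the published records use selector 1 (SubjectPublicKeyInfo) with SHA-256, which the message does not state; the key, certificates and mx1/mx2/mx3.example names are constructed throwaways.

```shell
#!/bin/sh
# Added example. Key, certificates and host names are constructed throwaways.
set -eu

# Association data for TLSA selector 1, matching type 1:
# SHA-256 over the DER SubjectPublicKeyInfo of the certificate.
tlsa_spki_sha256() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Association data for TLSA selector 0, matching type 1:
# SHA-256 over the whole DER certificate.
tlsa_cert_sha256() {
    openssl x509 -in "$1" -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

new_key() {   # $1 = output key file
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$1" 2>/dev/null
}

make_cert() { # $1 = key file, $2 = host name, $3 = output certificate
    openssl req -new -x509 -key "$1" -subj "/CN=$2" -days 30 \
        -out "$3" 2>/dev/null
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

new_key "$work/shared.key"
new_key "$work/other.key"
make_cert "$work/shared.key" mx1.example "$work/mx1.pem"   # same key ...
make_cert "$work/shared.key" mx2.example "$work/mx2.pem"   # ... second name
make_cert "$work/other.key"  mx3.example "$work/mx3.pem"   # separate key

for host in mx1 mx2 mx3; do
    printf '_25._tcp.%s.example. IN TLSA 3 1 1 %s\n' \
        "$host" "$(tlsa_spki_sha256 "$work/$host.pem")"
    printf '_25._tcp.%s.example. IN TLSA 3 0 1 %s\n' \
        "$host" "$(tlsa_cert_sha256 "$work/$host.pem")"
done
```

The `3 1 1` lines for mx1 and mx2 come out identical while their `3 0 1` lines differ, so sharing a key only yields a shared TLSA record when the record pins the public key rather than the full certificate.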
