In article <[email protected]> you write:
>Yes, we knew about STARTTLS, but we didn't understand the 
>impact/consequences of SNI back then. The DRUMS WG charter also 
>prevented the addition of new features outside specifically identified 
>exceptions (e.g., IPv6). Without that restriction, I doubt we could have 
>completed RFC 2821 & RFC 2822.

Since the first SNI code for OpenSSL was written in 2004, and it
wasn't added to a production version until 2007, I'd say it's excusable
that you didn't mention it in RFCs published in 2001.

Also, until MTA-STS came along there was little reason to expect the
mail server's cert to match the name the client used to find it.
Until fairly recently, most STARTTLS certs were self-signed since
there was no benefit to paying a CA to sign them.

>I think it would be very useful to write an RFC that changes the 
>registry for fields in the received header to an "expert-review 
>registry", and also adds an SNI field. ...

Excellent idea.

R's,
John
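The point above about certificates not being expected to match the MX name until MTA-STS came along is the decision an SMTP client makes after STARTTLS. The following is an added example, not part of John's message or of any MTA's code: it contrasts opportunistic STARTTLS (any certificate is accepted, since the alternative is cleartext) with an RFC 8461 MTA-STS policy, where the MX host must match a policy `mx` pattern and the certificate must carry the MX hostname in its subjectAltName. The `MtaStsPolicy` class, the `evaluate_starttls` function and the SAN lists are constructed for this example; chain validation against a CA is reduced to a boolean input.

```python
"""Added example: STARTTLS certificate acceptance with and without MTA-STS."""
from dataclasses import dataclass, field


@dataclass
class MtaStsPolicy:
    """Constructed stand-in for a fetched MTA-STS policy (RFC 8461)."""
    mode: str                                      # "none", "testing" or "enforce"
    mx: list[str] = field(default_factory=list)    # e.g. ["mail.example.net", "*.example.net"]


def label_match(pattern: str, host: str) -> bool:
    """Match a DNS name against a pattern whose leftmost label may be '*'.

    A wildcard covers exactly one label, so the rest must match verbatim.
    The same rule is used for policy 'mx' entries and for certificate SANs.
    """
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    host_labels = host.split(".")
    return len(host_labels) >= 2 and ".".join(host_labels[1:]) == pattern[2:]


def cert_matches_host(sans: list[str], host: str) -> bool:
    """True if any dNSName SAN in the certificate covers the MX hostname."""
    return any(label_match(san, host) for san in sans)


def evaluate_starttls(policy, mx_host: str, cert_sans: list[str],
                      cert_trusted: bool) -> tuple[bool, str]:
    """Decide whether to deliver over this TLS session.

    policy       -- MtaStsPolicy or None when the domain publishes none
    mx_host      -- the MX hostname the client resolved and sent as SNI
    cert_sans    -- dNSName entries from the server certificate
    cert_trusted -- result of chain validation (done elsewhere)
    Returns (deliver, reason).
    """
    if policy is None or policy.mode == "none":
        # Opportunistic STARTTLS: encrypt if offered, never fail on the cert.
        return True, "opportunistic: certificate not validated"

    problems = []
    if not any(label_match(p, mx_host) for p in policy.mx):
        problems.append("MX host not in policy")
    if not cert_matches_host(cert_sans, mx_host):
        problems.append("certificate name does not match MX host")
    if not cert_trusted:
        problems.append("certificate chain not trusted")

    if not problems:
        return True, "policy satisfied"
    detail = "; ".join(problems)
    if policy.mode == "testing":
        # Testing mode reports failures (TLSRPT) but still delivers.
        return True, f"testing mode: would fail ({detail}); delivering and reporting"
    return False, f"enforce mode: {detail}"


if __name__ == "__main__":
    # Constructed sample data: a self-signed cert for a name other than the MX.
    selfsigned = ["smtp.internal.invalid"]
    print(evaluate_starttls(None, "mx1.example.net", selfsigned, False))
    enforce = MtaStsPolicy("enforce", ["*.example.net"])
    print(evaluate_starttls(enforce, "mx1.example.net", selfsigned, False))
    print(evaluate_starttls(enforce, "mx1.example.net", ["mx1.example.net"], True))
```

The opportunistic branch is exactly the pre-MTA-STS situation described above: a self-signed certificate for the wrong name still yields an encrypted session, so there was no incentive to buy a CA-signed one. Only once a domain publishes an `enforce` policy does the name carried in SNI and the name in the certificate start to matter for delivery.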

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta