Re: SMTP/TLS: Authentication of an SMTP server's identity

2004-05-07 11:42:59

John C Klensin <john-ietf(_at_)jck(_dot_)com> writes:
> Russ Allbery <rra(_at_)Stanford(_dot_)edu> wrote:

>> This is the reason why you didn't find an example like that.  This is
>> why web sites that require TLS have a separate IP address for every
>> host name.

> Of course, their doing so defeats all of the effort that people put into
> getting HOST into HTTP,

HOST is useless for solving this problem with HTTP over TLS because it
happens too late.  The TLS negotiation has already occurred by the time
the request with the Host header has been sent to the server.

> the position of sundry RIRs that assigning multiple addresses to one
> interface on a given host in order to work around poor protocol design
> was not justification for more addresses, etc.  Sigh.

Right.  That's why TLS added server_name, so that we can stop putting
multiple addresses on the same interface.  :)

> And I imagine that is part of the distinction Keith is trying to make.

If so, I think it's still lost on me....

> Whatever the other issues with MXs are, they are slightly different

I'm not seeing why, other than that MX records are normally used for
server-to-server communication rather than client-to-server communication.

