Re: RFC 3207 (STARTTLS) question

2005-08-22 21:21:22

--On 22. august 2005 18:59 -0400 Cyrus Daboo <daboo(_at_)isamet(_dot_)com> 

(For the MX case, the answer might be "content of the MX record" rather
than "domain that contains the MX record" - doesn't help for the A case,
and is not obvious from the text)

Am I missing something obvious?

No - this is a 'known' problem. It's an issue for IMAP and other types of
services too, where people want to run virtual domains off a single

<draft-ietf-tls-rfc3546bis-01.txt> (Section 3.1) attempts to address this
by extending TLS to allow the client to specify the server name it is
using during the TLS handshake, thus allowing the server to pick the
appropriate certificate for that name.


another place to put it would be as a parameter to the starttls command (tell me that you're authorized for server X) - I wonder why that wasn't considered earlier (or rejected)?

probably too late to do that change now....
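The thread refers to the server_name extension in section 3.1 of draft-ietf-tls-rfc3546bis without showing its wire format. The following is an added example, not code from the thread or from any of the posters: it builds a constructed TLS 1.0 ClientHello carrying that extension and parses the requested host names back out, which is what a server hosting several virtual domains needs before it can pick a certificate. The host names and the fixed cipher suite are constructed test values.

```python
import struct

EXT_SERVER_NAME, NAME_TYPE_HOST_NAME = 0, 0  # "server_name" extension type and NameType host_name

def build_client_hello(server_names):
    """Constructed TLS 1.0 ClientHello carrying a server_name extension (test input only)."""
    entries = b"".join(struct.pack("!BH", NAME_TYPE_HOST_NAME, len(n.encode("idna")))
                       + n.encode("idna") for n in server_names)
    ext_data = struct.pack("!H", len(entries)) + entries
    ext = struct.pack("!HH", EXT_SERVER_NAME, len(ext_data)) + ext_data
    hello = (b"\x03\x01" + bytes(32)    # client_version 3.1 and a fixed, fake random
             + b"\x00"                  # empty session_id
             + b"\x00\x02\x00\x2f"      # one cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
             + b"\x01\x00")             # one compression method: null
    if server_names:                    # extensions block only when there is something to send
        hello += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def _field(buf, pos, size):
    # Slice buf[pos:pos+size], refusing to run past the end of a truncated message.
    if pos + size > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + size]

def parse_sni(record):
    """Return the host_name entries the client asked for, or [] if it sent no SNI."""
    if _field(record, 0, 1) != b"\x16" or _field(record, 5, 1) != b"\x01":
        raise ValueError("not a ClientHello handshake record")
    h = _field(record, 9, int.from_bytes(_field(record, 6, 3), "big"))
    pos = 2 + 32                                            # client_version + random
    pos += 1 + _field(h, pos, 1)[0]                         # session_id
    pos += 2 + struct.unpack("!H", _field(h, pos, 2))[0]    # cipher_suites
    pos += 1 + _field(h, pos, 1)[0]                         # compression_methods
    if pos == len(h):
        return []                                           # pre-RFC 3546 client, no extensions
    end = pos + 2 + struct.unpack("!H", _field(h, pos, 2))[0]
    pos, names = pos + 2, []
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", _field(h, pos, 4))
        data, pos = _field(h, pos + 4, elen), pos + 4 + elen
        if etype == EXT_SERVER_NAME:
            p, list_end = 2, 2 + struct.unpack("!H", _field(data, 0, 2))[0]
            while p + 3 <= list_end:
                ntype, nlen = struct.unpack("!BH", _field(data, p, 3))
                if ntype == NAME_TYPE_HOST_NAME:
                    names.append(_field(data, p + 3, nlen).decode("idna"))
                p += 3 + nlen
    return names
```

A server would look up the first returned name in its per-domain certificate table and fall back to a default certificate when the list is empty, which is exactly the case of a client that predates the extension.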


