ietf-smtp

Re: RFC 3207 (STARTTLS) question

2005-08-23 02:41:24

On Mon, 22 Aug 2005, Claus Assmann wrote:

> However, in some cases you don't want to speak to a particular
> "personality" (virtual host) of a server but to several of them
> because you figured out that <A@Z> and <B@Y> are both served by
> the same host. This is one of the problems when I looked into
> session reuse (as well as sending multiple RCPTs in a single
> transaction): under which circumstances is it ok to do that?

This is why the distinction between hostnames and mail domains is
important. It is the *host* that you are talking to (not a mail domain) so
that is what a TLS cert should verify. That host should be prepared to
handle any recipient address at any mail domain for which it is the
advertised MX target, regardless of other recipients of the message or
other messages in the session. Virtual hosts, as in web server
terminology, usually don't make sense for email because MX records provide
the necessary indirection.

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.
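
The rule argued in the reply above, as an added example that is not part of the original message: the name a client checks in the server certificate is the MX target host, so recipients in different mail domains that share an MX target can share one verified TLS session. The MX table, domain names, host names and helper function names are constructed for illustration, and the wildcard handling is a simplified assumption.

```python
# Added illustration: constructed MX data and certificate names, no network access.
from collections import defaultdict

# Constructed MX table: mail domain -> advertised MX target host.
MX = {
    "z.example": "mx1.provider.example",
    "y.example": "mx1.provider.example",
    "x.example": "mail.other.example",
}

def dns_name_matches(pattern, host):
    """Match a certificate dNSName against a host name; a wildcard is
    accepted only as the entire left-most label (simplified assumption)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def reference_identity(rcpt):
    """The name the certificate must verify is the MX target host,
    not the domain part of the recipient address."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    return MX[domain]

def group_by_host(rcpts):
    """Recipients whose domains share an MX target can share one TLS session."""
    groups = defaultdict(list)
    for r in rcpts:
        groups[reference_identity(r)].append(r)
    return dict(groups)

def cert_ok_for(rcpt, cert_dns_names):
    """True if any dNSName in the presented certificate names the MX host."""
    host = reference_identity(rcpt)
    return any(dns_name_matches(n, host) for n in cert_dns_names)
```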

