ietf

Re: UTA: Server certificate management (Re: Last Call: <draft-ietf-uta-email-tls-certs-05.txt>)

2015-12-03 21:53:45
The "technical omission" here is "using 6186 together with mail servers
supporting a high number of domains is going to be painful, and this
document doesn't say how to solve it".

Wait a minute.  If you don't use the SRV-IDs, which you don't need if
you use DNSSEC on the SRV records, 6186 scales just fine.  No SNI, nothing
but SRV records that have the domain name that should match the DNS-ID
the server presents.  What am I missing?

On the other hand, if you need the SRV-ID records, a server that
supports two domains is going to be just as schrod if the domains
don't happen to bear a relationship to the DNS-ID that CAs can verify.

R's,
John
