Am 22.12.2013 23:09, schrieb Gedalya:
On 12/22/2013 04:26 PM, Reindl Harald wrote:
forget it - SNI is relevant for webservers because different vhosts with different contents, typically not for mailservers
why do you start the burden of different certs instead "mail.your-company.tld" and give that hostname to any user?
While it's true that there is no strictly technical benefit to SNI in IMAP, it can perhaps have benefits in terms of presentability. Hosted domain customers might want to be able to use their own certificates issued to them rather than using Subject Alternate Names etc, for purely cosmetic reasons.
hopefully they pay for that "cosmetic reasons" or leave technical things to techs keep in mind that you need a certificate with each used domain as SAN (subject alternative name) which means each time you host a new domain you need to change the certificate - Thawte calculates 169,- per jear and SAN - have fun :-)
then there are mail-clients - which of them do not support SNI, or in case of mail clients which of them do support it properly and how is the presentability in case of certificate warnings for the one which does not
169,- for cosmetic reasons - well, i would prefer a chiropody instead.....