On 16.09.2013 13:52, Jeroen Massar wrote:
On 2013-09-16 13:36, Reindl Harald wrote:
the main question remains:
- why is anybody doing this?
Because IPv4 addresses are running out (or harder/pricy to get) and not all clients on IPv4 yet and thus you will have to have multiple certs on a single IP instead of an IP each per cert
the main question was why deal with different server names at all and not about IPv4 and how many IP addresses you get
"mail.hosting-company.tld" with a certificate, PTR-record and A-Record and you are done for 100, 1000, 10000, 100000 domains
- "the user wants "mail.hisdomain.tld" is *not* a valid reason and should lead to explain the user the stupidity of doing so for no benefit
I don't see anything "stupid" about this. It is so much easier to explain to a user "your email is xxx@example.com, your mail client does the rest" than "oh, you need to use this mail server and that here and that there".
really?
you need to provide the user his username and password anyway so no there is no magical configuration at all so what makes it hard to write one line more?
- mailserver: mail.hosting-company.tld
- username: you@yourdomain.tld
- password: yourpassword
Thunderbird (and likely other clients) autoconfigure by guessing {mail|smtp|imap}.<domain> and thus a proper cert is nice to have there instead of "warning untrusted mail.example.net!" every time
"mail.example.net" does not need to exist at all https://wiki.mozilla.org/Thunderbird:Autoconfiguration
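Added example, not part of the original message and not Mozilla's code: a Python sketch that builds a Thunderbird-style `config-v1.1.xml` for each customer domain pointing at one shared host, then checks that every hostname a client would be told to connect to is covered by the certificate's names. The ports, socket types, authentication value and the SAN lists are assumptions chosen for illustration; `mail.hosting-company.tld` is the name used in the thread.

```python
import xml.etree.ElementTree as ET

SHARED_HOST = "mail.hosting-company.tld"  # shared server name from the thread

def autoconfig_xml(domain, mail_host=SHARED_HOST):
    """Build an autoconfig document for one customer domain (assumed ports)."""
    root = ET.Element("clientConfig", version="1.1")
    prov = ET.SubElement(root, "emailProvider", id=domain)
    ET.SubElement(prov, "domain").text = domain
    for tag, proto, port, sock in (
        ("incomingServer", "imap", "993", "SSL"),
        ("outgoingServer", "smtp", "587", "STARTTLS"),
    ):
        srv = ET.SubElement(prov, tag, type=proto)
        ET.SubElement(srv, "hostname").text = mail_host
        ET.SubElement(srv, "port").text = port
        ET.SubElement(srv, "socketType").text = sock
        ET.SubElement(srv, "username").text = "%EMAILADDRESS%"
        ET.SubElement(srv, "authentication").text = "password-cleartext"
    return ET.tostring(root, encoding="unicode")

def advertised_hosts(xml_text):
    """Hostnames a mail client would connect to after reading the config."""
    return {h.text for h in ET.fromstring(xml_text).iter("hostname")}

def cert_covers(hostname, san_names):
    """Exact match, or a wildcard that replaces only the left-most label."""
    host = hostname.lower().rstrip(".")
    for san in (s.lower() for s in san_names):
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False

def uncovered_domains(domains, san_names, mail_host=SHARED_HOST):
    """Customer domains whose advertised server name the cert does not cover."""
    bad = []
    for d in domains:
        hosts = advertised_hosts(autoconfig_xml(d, mail_host))
        if not all(cert_covers(h, san_names) for h in hosts):
            bad.append(d)
    return bad

if __name__ == "__main__":
    customers = ["customer-a.tld", "customer-b.tld"]  # constructed sample domains
    print(uncovered_domains(customers, [SHARED_HOST]))  # single-name certificate
```

The client validates the certificate against the hostname in the served config, so a single-name certificate is sufficient as long as no per-customer server name is advertised.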