On Thu, 1 Jul 2004, Douglas Otis wrote:
There are never two valid HELO domains of which to choose. The
specification [RFC 3207] clearly states to discard previous results.
The TLS session HELO/EHLO domain would be unimportant if
the client was validated by a Certificate Authority and thereby
recognized. If not, then the TLS session HELO domain should match.
This isn't covered by RFC 3207 so needs to be explained by HNA.
However there should probably be some comment in the CSA specification
about what the server does when the client says EHLO more than once.
I feel this is not needed as it is covered in RFC3207. I would also
like to limit the topic of TLS to a single document... Dave's of course.
Note that a client can say EHLO more than once in a non-TLS SMTP session.
Should the server only use the most recent one for CSV, or the first one?
(Using the first one is probably contrary to RFC 2821.) Do they have to be
all the same?
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 3 OR 4, OCCASIONALLY 5 LATER. THUNDERY SHOWERS.
MODERATE OR GOOD.