ietf-smtp

Re: STARTTLS & EHLO: Errata text?

2009-01-29 15:20:40

Tony,

Given the confusion about readings, I'd recommend modifying your
changes to make them brutally clear.  Suggestions below.

--On Thursday, January 29, 2009 12:04 -0500 Tony Hansen
<tony(_at_)att(_dot_)com> wrote:


If we were to write an Errata against RFC 3207, I'd suggest
text such as the following (in Errata format):

Section:
   4.2 Result of the STARTTLS Command

Old text:
   The server MUST discard any knowledge obtained from the client,
   such as the argument to the EHLO command, which was not obtained
   from the TLS negotiation itself.

New text:
   The server MUST discard any knowledge obtained from the client
   that was not obtained from the TLS negotiation itself. The server
   state is otherwise as if the connection had just been opened.

s/opened/opened, i.e., before a session has been established by
the client sending EHLO/
 
Reason:
   The example is misleading and has led some people to think that
   knowledge of an EHLO having been sent previously should be
   remembered.
 
Section:
   4.2 Result of the STARTTLS Command

Old text:
   The client SHOULD send an EHLO command as the
   first command after a successful TLS negotiation.

New text:
   The client MUST send either an EHLO command or a HELO command as
   the first command after a successful TLS negotiation.

s/HELO command as/HELO command, or a command that does not
require that a mail transaction be open, as/

That can be done in several other ways, but I don't think you
can or should prohibit VRFY, EXPN, HELP, etc., there.

Reason:
   Since the state is reset to that of a connection having just been
   opened, the requirement from RFC 5321 applies:

      In any event, a client MUST issue HELO or EHLO before starting
      a mail transaction.

   The previous text implied that a client can get by without sending
   one or the other.

 
Now for the $64k questions:

1) Is there consensus behind this viewpoint?

Wfm, with the changes above.

2) If so, does the text above cover the ground?

See suggestions above.

3) If so, who wants to file the Errata?

Having written it, is there any reason why you should not just
go ahead and do it?

    john
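
Added example, not part of the original message and not taken from any real MTA: a small server-side state model of the reading proposed above, in which a completed TLS negotiation discards the cleartext EHLO argument and any open mail transaction, MAIL is refused until a new EHLO/HELO arrives, and commands that need no session (NOOP, HELP, VRFY) are still accepted. The names `SmtpSession` and `run`, the sample hostnames and the single-line reply texts are assumptions made for the illustration.

```python
class SmtpSession:
    """Constructed model of server-side SMTP state; no sockets, no real TLS."""

    def __init__(self):
        self.tls = False
        self.reset()

    def reset(self):
        # State of a connection that has just been opened:
        # no EHLO/HELO seen, no mail transaction in progress.
        self.client_name = None
        self.mail_from = None
        self.rcpts = []

    def tls_handshake_done(self):
        # Discard everything learned in cleartext, EHLO argument included.
        self.tls = True
        self.reset()

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            self.reset()
            self.client_name = arg
            # STARTTLS is offered only to EHLO on a still-cleartext session.
            offer = verb == "EHLO" and not self.tls
            return "250 ok STARTTLS" if offer else "250 ok"
        if verb == "STARTTLS":
            return "503 bad sequence" if self.tls else "220 ready to start TLS"
        if verb in ("NOOP", "HELP", "VRFY"):
            # Commands that need no open session stay legal right after TLS.
            return {"NOOP": "250 ok", "HELP": "214 help", "VRFY": "252 cannot verify"}[verb]
        if verb == "MAIL":
            if self.client_name is None:
                return "503 send EHLO/HELO first"
            self.mail_from = arg
            return "250 ok"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 need MAIL first"
            self.rcpts.append(arg)
            return "250 ok"
        return "500 unrecognized"

def run(lines):
    """Feed client lines to a fresh session; complete TLS after a 220 reply."""
    session, replies = SmtpSession(), []
    for line in lines:
        replies.append(session.handle(line))
        if replies[-1].startswith("220"):
            session.tls_handshake_done()
    return [r[:3] for r in replies]
```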