On Thu, 2009-01-29, Tony Hansen wrote:
If we were to write an Errata against RFC 3207, I'd suggest text such as
the following (in Errata format):
Section:
4.2 Result of the STARTTLS Command
Old text:
The server MUST discard any knowledge obtained from the client, such
as the argument to the EHLO command, which was not obtained from the
TLS negotiation itself.
New text:
The server MUST discard any knowledge obtained from the client that
was not obtained from the TLS negotiation itself. The server state
is otherwise as if the connection had just been opened.
This could be read to mean that the server should send the 220 greeting
again. I don't think that's what you want. I think the phrase should be
"initial state" instead of "connection had just been opened".
Reason:
The example is misleading and has lead some people to think that
knowledge of an EHLO having been sent previously should be
remembered.
[...]
Section:
4. The STARTTLS Command
Old text:
The format for the STARTTLS command is:
STARTTLS
with no parameters.
New text:
The format for the STARTTLS command is:
STARTTLS
with no parameters.
Because the server state machine is reset to an initial connection
state after negotiating TLS, and any modifications to the server
state will be lost, the client SHOULD NOT issue any MAIL
FROM or RCPT TO commands prior to using the STARTTLS command.
This does not address the issue of one or more complete messages having
been sent prior to the STARTTLS command. Does this mean that such messages
should be discarded even though the "250 OK" response has been sent for
them?
All right, that's a bit of a stretch, but if we're talking about clarity
of the language, let's be clear.
--
Bill McQuillan <McQuilWP(_at_)pobox(_dot_)com>