ietf-smtp
[Top] [All Lists]

Re: STARTTLS & EHLO: Errata text?

2009-01-29 15:24:00


On Thu, 2009-01-29, Tony Hansen wrote:

If we were to write an Errata against RFC 3207, I'd suggest text such as
the following (in Errata format):

Section:
   4.2 Result of the STARTTLS Command

Old text:
   The server MUST discard any knowledge obtained from the client, such
   as the argument to the EHLO command, which was not obtained from the
   TLS negotiation itself.

New text:
   The server MUST discard any knowledge obtained from the client that
   was not obtained from the TLS negotiation itself. The server state
   is otherwise as if the connection had just been opened.

This could be read to mean that the server should send the 220 greeting
again. I don't think that's what you want. I think the phrase should be
"initial state" instead of "connection had just been opened".

Reason:
   The example is misleading and has lead some people to think that
   knowledge of an EHLO having been sent previously should be
   remembered.

[...]

Section:
   4. The STARTTLS Command

Old text:
   The format for the STARTTLS command is:

   STARTTLS

   with no parameters.

New text:
   The format for the STARTTLS command is:

   STARTTLS

   with no parameters.

   Because the server state machine is reset to an initial connection
   state after negotiating TLS, and any modifications to the server
   state will be lost, the client SHOULD NOT issue any MAIL
   FROM or RCPT TO commands prior to using the STARTTLS command.

This does not address the issue of one or more complete messages having
been sent prior to the STARTTLS command. Does this mean that such messages
should be discarded even though the "250 OK" response has been sent for
them?

All right, that's a bit of a stretch, but if we're talking about clarity
of the language, let's be clear.


-- 
Bill McQuillan <McQuilWP(_at_)pobox(_dot_)com>

<Prev in Thread] Current Thread [Next in Thread>