--On Friday, January 30, 2009 9:39 +0000 Paul Smith
John C Klensin wrote:
The client SHOULD send an EHLO command as the
first command after a successful TLS negotiation.
The client MUST send either an EHLO command or a HELO
command as the first command after a successful TLS
s/HELO command as/HELO command, or a command that does not
require that a mail transaction be open, as/
That can be done in several other ways, but I don't think you
can or should prohibit VRFY, EXPN, HELP, etc., there.
Just going back a step, shouldn't it be worded something like
"The client MUST send a EHLO command after a successful TLS
negotiation if it wishes to start a mail transaction or use
any SMTP extensions."
Because that's actually what we mean.
Also, saying 'or a command that does not require that a mail
transaction be open' means that you could use an SMTP
extension which was advertised before the STARTTLS, as long as
it doesn't involve a mail transaction, without resending EHLO.
That would be a better fix, as would something along the lines
of the "must not trust" suggestion, as long as it was absolutely
clear whether or not EHLO needed to be resent (I think is does
because the client can't know whether or not the server intends
to make use of the argument).