ietf-smtp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: STARTTLS & EHLO: Errata text?

2009-01-30 13:45:52
from [Tony Finch] [Permanent Link] 

On Thu, 29 Jan 2009, ned+ietf-smtp(_at_)mrochek(_dot_)com wrote:



I would like suggest an alternative: how about saying

    The server MUST NOT trust any information obtained
    from the client, such as command verbs and their arguments, prior to
    the TLS negotiation.
    The client MUST NOT trust any information obtained from the server,
    such as the list of SMTP service extensions,
    prior to the TLS negotiation.

This avoid the whole issue of what the client/server must and must not
remember.


Very clever - it focuses on the real issue and avoids the slippery slope. . I
like it a lot. This is definitely the way to go.


+1

Tony.
-- 
f.anthony.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RFC 5321bis / 2821ter, John C Klensin
Next by Date:  Re: STARTTLS & EHLO: Errata text?, Tony Finch
Previous by Thread:  Re: STARTTLS & EHLO: Errata text?, ned+ietf-smtp
Next by Thread:  Re: STARTTLS & EHLO: Errata text?, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]