[Top] [All Lists]

Re: STARTTLS & EHLO: Errata text?

2009-01-30 15:22:03

Tony Finch wrote:
I suggest that this paragraph should read:

   Upon completion of the TLS handshake, the SMTP protocol is reset to
   the initial state (the state in SMTP after a server issues a 220
   service ready greeting).  The requirement in [RFC5321] that "a client
   MUST issue HELO or EHLO before starting a mail transaction" also
   applies to this fresh state.

   The server MUST NOT trust any knowledge obtained from the client before
   the TLS negotiation itself.  The client MUST NOT trust any knowledge
   obtained from the server before the TLS negotiation itself.  This
   includes all commands, arguments, replies, and extended exchanges
   (though in typical use there is little more than the client's EHLO
   command and the server's reply).

This is much better form of the consolidated input.

But I still to get the "Client MUST NOT trust" statement. It has to trust, blind or otherwise, what the server presented up to this point before it can go to the next step.

In my view, I think it should say:

   The client MUST NOT presume the server extensions apply
   in the secure state as it may have changed.

To me, that is enough to give the client the incentive and understanding that it needs to re-issue EHLO.

Alternatively, stop confusing people any further with these beating around the bush subjective reasons, nix all attempts to explain the "whys," and just say:

  The client MUST re-issue the EHLO/HELO before attempting to begin
  a MAIL FROM transaction after secured SMTP is established.

which would keep it consistent with 2821/5321.


Hector Santos, CTO

<Prev in Thread] Current Thread [Next in Thread>