ietf-smtp

Re: RSET command - possible security loophole

2011-05-30 18:52:26

Hi Hector,
At 14:10 30-05-2011, Hector Santos wrote:
But in general, for RFC5321, this "security" information should be conveyed in regards to the RSET command. Perhaps:

   Any stored sender, recipients, and mail data MUST be discarded, and all
   buffers and state tables cleared with the possible exception of local
   policy transactional session security state information that may need
   to be retained for the current SMTP session.

Please note that there has been a pre-evaluation of RFC 5321 [1]. There is also an IETF WG [2] which is chartered to work on RFC 5321. I recommend reading the charter carefully as it spells out the scope of changes if 5321 is processed by the WG.

Regards,
-sm

1. http://tools.ietf.org/html/draft-ietf-yam-5321bis-smtp-pre-evaluation-05
2. http://www.ietf.org/dyn/wg/charter/yam-charter
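
The distinction the proposed wording draws, between transaction state that RSET discards and session security state that local policy may retain, is sketched below as an added example that is not part of the original message or of RFC 5321. The `Session` class, the per-session rejected-recipient counter, its limit, and the sample addresses are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

MAX_REJECTED_RCPT = 3                 # assumed local-policy limit per session
KNOWN_USERS = {"alice@example.org"}   # constructed sample mailbox list

@dataclass
class Session:
    # Session-scoped security state (assumed local policy): survives RSET.
    rejected_rcpt: int = 0
    # Transaction-scoped state: sender, recipients and mail data.
    sender: Optional[str] = None
    recipients: List[str] = field(default_factory=list)
    data: bytes = b""

    def reset_transaction(self) -> None:
        """Discard stored sender, recipients and mail data only."""
        self.sender, self.recipients, self.data = None, [], b""

    def handle(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        addr = arg.partition(":")[2].strip("<> ").lower()
        if verb == "RSET":
            self.reset_transaction()   # rejected_rcpt deliberately untouched
            return "250 OK"
        if verb == "MAIL":
            if self.sender is not None:
                return "503 bad sequence of commands"
            self.sender = addr
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 bad sequence of commands"
            if self.rejected_rcpt >= MAX_REJECTED_RCPT:
                return "421 4.7.0 too many rejected recipients"
            if addr not in KNOWN_USERS:
                self.rejected_rcpt += 1
                return "550 5.1.1 user unknown"
            self.recipients.append(addr)
            return "250 OK"
        return "502 command not implemented"

# Constructed command sequence: three transactions separated by RSET.
SAMPLE = ["MAIL FROM:<sender@example.net>", "RCPT TO:<a1@example.org>",
          "RCPT TO:<a2@example.org>", "RSET",
          "MAIL FROM:<sender@example.net>", "RCPT TO:<a3@example.org>", "RSET",
          "MAIL FROM:<sender@example.net>", "RCPT TO:<alice@example.org>"]

def run(lines):
    s = Session()
    return s, [s.handle(l) for l in lines]
```

If `reset_transaction` also zeroed `rejected_rcpt`, the limit would never be reached in this sequence, because each RSET would start the count again.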