ietf-smtp
[Top] [All Lists]

Re: RSET command - possible security loophole

2011-05-31 17:23:27



--On Tuesday, May 31, 2011 14:48 -0700 Ned Freed
<ned(_dot_)freed(_at_)mrochek(_dot_)com> wrote:

With respect to authentication, it's arguable that there
should be some way to "logout" without ending the current
TCP session.   But that would have to be a separate SMTP
extension.

Right.   Or part of a particular authentication extension.

I think defining an
UNAUTHENTICATE/LOGOUT/whatever-you-want-to-call-it extension
would be a great idea, but it's definitely a separate effort
from any of this

Absolutely.  If I wasn't clear about that "separate effort", I
apologize.

  john


<Prev in Thread] Current Thread [Next in Thread>