IETF Logo Mail Archive

Re: STARTTLS & EHLO: Errata text?

SM <sm@resistor.net> Sun, 01 February 2009 22:39 UTC

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n11Md0cm008839 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 1 Feb 2009 15:39:00 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n11Md0ki008838; Sun, 1 Feb 2009 15:39:00 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from ns1.qubic.net (ns1.qubic.net [208.69.177.116]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n11Mcme0008822 for <ietf-smtp@imc.org>; Sun, 1 Feb 2009 15:38:59 -0700 (MST) (envelope-from sm@resistor.net)
Received: from subman.resistor.net ([10.0.0.1]) (authenticated bits=0) by ns1.qubic.net (8.14.4.Alpha0/8.14.4.Alpha0) with ESMTP id n11Mcah8005904 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 1 Feb 2009 14:38:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1233527926; x=1233614326; bh=dMPZ9kB1I/ze1NcY7aKfn5pRSQS2nl+h754zZi5dG7c=; h=Message-Id:Date:To:From:Subject:Cc:In-Reply-To:References: Mime-Version:Content-Type; b=cRjOf6xrxxWmNZWyTpHpV/p0urPSmMdfmnVcAuDNA1cqnRcputL6LpISR/rud3yxW pGfUdL1NMXGc1dOz0tW+i4yqIeM1lTthuyB2GTdo8ufY5bJIseZ7hnPNoDq4b1a2JM QEgt3XLPP+QyONP8inzNvW5wC3NfGxlIB09RIbPs=
DomainKey-Signature: a=rsa-sha1; s=mail; d=resistor.net; c=simple; q=dns; b=IOEYKA7C2TYmWhhUUfO0eQXzVVdU06sGMn3eq0+x9aeHsFxFsUiQr13yY0SeNns0h pH+8EnjFf7hijT7K+wvseM7NTzmY1p2MQzAfOR6C3OHjQfM76FwuqcSZH5zHCw/ZvVK xFowFn8GwmOwXXLz2Lr16okiWP2Po5LnvNEiW+A=
Message-Id: <6.2.5.6.2.20090201133008.02d2ec00@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Sun, 01 Feb 2009 14:36:56 -0800
To: Hector Santos <hsantos@santronics.com>
From: SM <sm@resistor.net>
Subject: Re: STARTTLS & EHLO: Errata text?
Cc: ietf-smtp@imc.org
In-Reply-To: <4985FCD8.8040305@santronics.com>
References: <497DE492.4080506@pscs.co.uk> <497DED29.70402@att.com> <497ED420.30708@pscs.co.uk> <alpine.LSU.2.00.0901271403220.4546@hermes-2.csi.cam.ac.uk> <497F86CB.60904@att.com> <alpine.LSU.2.00.0901281434440.4546@hermes-2.csi.cam.ac.uk> <498088B8.9040404@pscs.co.uk> <alpine.LSU.2.00.0901291310080.4546@hermes-2.csi.cam.ac.uk> <4981C0D5.1010401@pscs.co.uk> <4981C6BD.2040900@att.com> <37F39FF37390694B69567838@PST.JCK.COM> <4981E1AB.9000002@att.com> <alpine.LSU.2.00.0901301832470.4795@hermes-2.csi.cam.ac.uk> <49835DE2.3030403@santronics.com> <alpine.LSU.2.00.0901312021190.14750@hermes-2.csi.cam.ac.uk> <4984C49C.5030401@santronics.com> <alpine.LSU.2.00.0902011706190.10756@hermes-2.csi.cam.ac.uk> <AE5689449BAC89829F0DD5E7@PST.JCK.COM> <4985FCD8.8040305@santronics.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>

Hi Hector,
At 11:49 01-02-2009, Hector Santos wrote:
>I was thinking of 3207 with text similar to:
>
>     The secured SMTP client MUST resend the EHLO command and the
>     secured SMTP server MUST be prepared to issue an 503
>     for any out of sequence commands by legacy 3207 clients.
>
>Why?
>
>Our server, and probably others, based on the original relaxed 
>semantics "Client SHOULD resent EHLO/HELO" guideline, does not 
>enforce it simply because it didn't say MUST.

If you say MUST in that part of the text in RFC 3207, you'll have to 
explain about when EHLO is not required.  If the HELO/EHLO guidelines 
were different from RFC 2821, it should have been mentioned in RFC 
3207.  But they are not.  For those who might point out that we are 
sending two EHLOs, I'll mention that it is clearly stated that the 
SMTP protocol is reset.

>In other words, the secured client can continue with a MAIL FROM and 
>the normal reply codes associates with it apply, but not 503 because 
>it wasn't deem necessary at this stage.

There is no need for a requirement to issue a 503 reply as we already 
know that the reply is applicable if we send out of sequence commands.

>On the other hand, if 3207 is altered to enforce a MUST, then we 
>need to change our server and in that vain, I reject this 3207 
>change to a MUST.  However, since most secured clients do resend 
>EHLO, I don't see that as having an impact on existing 
>installations.  Our secured server is not going to fail the secured 
>session if the secured client does not resent EHLO.

Errata text should not create a situation where existing 
implementations which were fully compliant with RFC 3207 have to be 
modified unless it is to fix a mistake.  We have two possibilities 
for a mail transaction, the client sends MAIL FROM: after the TLS 
handshake without doing an EHLO first:

   1. The server rejects the command.

   2. The server accepts the command.

For point 1, the client has a problem then as it cannot proceed with 
the mail transaction.  That is the question we have been trying to 
clarify with the proposed text.

There is nothing wrong with point 2.  Be careful about service 
extensions though as the client cannot trust the list it received previously.

>So at the very least, if 3207 text is changed to MUST, it should 
>include some additional text, call it a "reminder" text if you wish 
>to the above text. Who knows, if the server in the example did issue 
>the 503, then maybe the OP's client designer might have seen the 
>necessity to add logic to restart with EHLO, and thus, no discussion 
>would be necessary.

I doubt that putting in "reminder" text would change anything.

Regards,
-sm

v2.23.0 | Report a Bug | By Email