Re: STARTTLS & EHLO
Alexey Melnikov <alexey.melnikov@isode.com> Mon, 26 January 2009 20:12 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0QKCpT7033799 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 26 Jan 2009 13:12:51 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0QKCpri033798; Mon, 26 Jan 2009 13:12:51 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0QKCeDX033772 for <ietf-smtp@imc.org>; Mon, 26 Jan 2009 13:12:51 -0700 (MST) (envelope-from alexey.melnikov@isode.com)
Received: from [92.40.187.17] (92.40.187.17.sub.mbb.three.co.uk [92.40.187.17]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <SX4ZMwB0lDSk@rufus.isode.com>; Mon, 26 Jan 2009 20:12:38 +0000
Message-ID: <497E1912.6030208@isode.com>
Date: Mon, 26 Jan 2009 20:12:02 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: Tony Finch <dot@dotat.at>
CC: John C Klensin <john+smtp@jck.com>, ietf-smtp@imc.org
Subject: Re: STARTTLS & EHLO
References: <497DE492.4080506@pscs.co.uk> <497DED29.70402@att.com> <62F21B7FAF870CE227D9F6CC@[192.168.1.118]> <alpine.LSU.2.00.0901261924250.4795@hermes-2.csi.cam.ac.uk>
In-Reply-To: <alpine.LSU.2.00.0901261924250.4795@hermes-2.csi.cam.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
Tony Finch wrote: >On Mon, 26 Jan 2009, John C Klensin wrote: > > >>Right. The quoted 3207 text says to me that the server is >>required discard the data sent earlier by the client as part of >>EHLO. I don't see any expectation that it be required to >>discard the fact that EHLO was sent. >> >> >The quote is: > The server MUST discard any knowledge > obtained from the client, such as the argument to the EHLO command, > which was not obtained from the TLS negotiation itself. The client > MUST discard any knowledge obtained from the server, such as the list > of SMTP service extensions, which was not obtained from the TLS > negotiation itself. > >The argument to EHLO is just an example and is clearly not the entirety of >what the server is supposed to discard. > > >>Indeed, unless there is something else in 3207, the client isn't >>even required to discard the response from EHLO with the >>server-supported feature list, >> >> >It is required to do so. > > Indeed. Before STARTTLS was negotiated there is no guaranty that a man-in-the-middle attacker hasn't modified the list of capabilities advertised by the server.
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Russ Allbery
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Paul Smith
- Re: STARTTLS & EHLO: Errata text? Paul Smith
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO: Errata text? Russ Allbery
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? Bill McQuillan
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? Tony Hansen
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Hector Santos
- Re: STARTTLS & EHLO SM
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Peter Bowyer
- Re: STARTTLS & EHLO Hector Santos
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Alessandro Vesely
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Alexey Melnikov
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- RFC 1123bis? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? SM