Re: STARTTLS & EHLO: Errata text?

Hector Santos <hsantos@santronics.com> Fri, 30 January 2009 20:07 UTC

Message-ID: <49835DE2.3030403@santronics.com>
Date: Fri, 30 Jan 2009 15:06:58 -0500
From: Hector Santos <hsantos@santronics.com>
Organization: Santronics Software, Inc.
User-Agent: Thunderbird 2.0.0.0 (Windows/20070326)
MIME-Version: 1.0
To: Tony Finch <dot@dotat.at>
CC: Tony Hansen <tony@att.com>, ietf-smtp@imc.org
Subject: Re: STARTTLS & EHLO: Errata text?
References: <497DE492.4080506@pscs.co.uk> <497DED29.70402@att.com> <497ED420.30708@pscs.co.uk> <alpine.LSU.2.00.0901271403220.4546@hermes-2.csi.cam.ac.uk> <497F86CB.60904@att.com> <alpine.LSU.2.00.0901281434440.4546@hermes-2.csi.cam.ac.uk> <498088B8.9040404@pscs.co.uk> <alpine.LSU.2.00.0901291310080.4546@hermes-2.csi.cam.ac.uk> <4981C0D5.1010401@pscs.co.uk> <4981C6BD.2040900@att.com> <37F39FF37390694B69567838@PST.JCK.COM> <4981E1AB.9000002@att.com> <alpine.LSU.2.00.0901301832470.4795@hermes-2.csi.cam.ac.uk>
In-Reply-To: <alpine.LSU.2.00.0901301832470.4795@hermes-2.csi.cam.ac.uk>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk

Tony Finch wrote:
> I suggest that this paragraph should read:
> 
>    Upon completion of the TLS handshake, the SMTP protocol is reset to
>    the initial state (the state in SMTP after a server issues a 220
>    service ready greeting).  The requirement in [RFC5321] that "a client
>    MUST issue HELO or EHLO before starting a mail transaction" also
>    applies to this fresh state.
> 
>    The server MUST NOT trust any knowledge obtained from the client before
>    the TLS negotiation itself.  The client MUST NOT trust any knowledge
>    obtained from the server before the TLS negotiation itself.  This
>    includes all commands, arguments, replies, and extended exchanges
>    (though in typical use there is little more than the client's EHLO
>    command and the server's reply).

This is much better form of the consolidated input.

But I still to get the  "Client MUST NOT trust" statement.  It has to 
trust, blind or otherwise, what the server presented up to this point 
before it can go to the next step.

In my view, I think it should say:

    The client MUST NOT presume the server extensions apply
    in the secure state as it may have changed.

To me, that is enough to give the client the incentive and 
understanding that it needs to re-issue EHLO.

Alternatively, stop confusing people any further with these beating 
around the bush subjective reasons, nix all attempts to explain the 
"whys," and just say:

   The client MUST re-issue the EHLO/HELO before attempting to begin
   a MAIL FROM transaction after secured SMTP is established.

which would keep it consistent with 2821/5321.

-- 
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

Re: STARTTLS & EHLO: Errata text? Hector Santos
Re: STARTTLS & EHLO: Errata text? Tony Finch
Re: STARTTLS & EHLO: Errata text? Hector Santos
Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
Re: STARTTLS & EHLO: Errata text? Tony Finch
Re: STARTTLS & EHLO: Errata text? Tony Finch
Re: STARTTLS & EHLO: Errata text? Tony Finch
Re: STARTTLS & EHLO: Errata text? Russ Allbery
Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
Re: STARTTLS & EHLO: Errata text? SM
Re: STARTTLS & EHLO: Errata text? Hector Santos
Re: STARTTLS & EHLO: Errata text? John C Klensin
Re: STARTTLS & EHLO: Errata text? Paul Smith
Re: STARTTLS & EHLO: Errata text? Paul Smith
Re: STARTTLS & EHLO Tony Hansen
Re: STARTTLS & EHLO: Errata text? Russ Allbery
Re: STARTTLS & EHLO: Errata text? Hector Santos
Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
Re: STARTTLS & EHLO: Errata text? John C Klensin
Re: STARTTLS & EHLO: Errata text? Hector Santos
Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
Re: STARTTLS & EHLO: Errata text? SM
Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
Re: STARTTLS & EHLO: Errata text? Hector Santos
Re: STARTTLS & EHLO: Errata text? Bill McQuillan
Re: STARTTLS & EHLO: Errata text? John C Klensin
Re: STARTTLS & EHLO: Errata text? SM
Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
Re: STARTTLS & EHLO: Errata text? Tony Hansen
Re: STARTTLS & EHLO John C Klensin
Re: STARTTLS & EHLO Tony Hansen
Re: STARTTLS & EHLO Paul Smith
Re: STARTTLS & EHLO Tony Finch
Re: STARTTLS & EHLO Hector Santos
Re: STARTTLS & EHLO SM
Re: STARTTLS & EHLO John C Klensin
Re: STARTTLS & EHLO Tony Hansen
Re: STARTTLS & EHLO Peter Bowyer
Re: STARTTLS & EHLO Hector Santos
Re: STARTTLS & EHLO Paul Smith
Re: STARTTLS & EHLO Tony Finch
Re: STARTTLS & EHLO Paul Smith
Re: STARTTLS & EHLO John C Klensin
Re: STARTTLS & EHLO Tony Hansen
Re: STARTTLS & EHLO Tony Finch
Re: STARTTLS & EHLO Alessandro Vesely
Re: STARTTLS & EHLO Paul Smith
Re: STARTTLS & EHLO Alexey Melnikov
Re: STARTTLS & EHLO Tony Finch
Re: STARTTLS & EHLO John C Klensin
Re: STARTTLS & EHLO Tony Hansen
STARTTLS & EHLO Paul Smith
Re: STARTTLS & EHLO: Errata text? SM
Re: STARTTLS & EHLO: Errata text? Hector Santos
Re: STARTTLS & EHLO: Errata text? SM
Re: STARTTLS & EHLO: Errata text? Hector Santos
Re: STARTTLS & EHLO: Errata text? John C Klensin
Re: STARTTLS & EHLO: Errata text? Tony Finch
RFC 1123bis? Hector Santos
Re: STARTTLS & EHLO: Errata text? John C Klensin
Re: STARTTLS & EHLO: Errata text? Hector Santos
Re: STARTTLS & EHLO: Errata text? John C Klensin
Re: STARTTLS & EHLO: Errata text? Tony Finch
Re: STARTTLS & EHLO: Errata text? SM