Re: STARTTLS & EHLO: Errata text?
SM <sm@resistor.net> Thu, 29 January 2009 18:49 UTC
Message-Id: <6.2.5.6.2.20090129094120.02f234a0@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Thu, 29 Jan 2009 10:46:43 -0800
To: Tony Hansen <tony@att.com>
From: SM <sm@resistor.net>
Subject: Re: STARTTLS & EHLO: Errata text?
Cc: ietf-smtp@imc.org
In-Reply-To: <4981E1AB.9000002@att.com>
References: <497DE492.4080506@pscs.co.uk> <497DED29.70402@att.com> <497ED420.30708@pscs.co.uk> <alpine.LSU.2.00.0901271403220.4546@hermes-2.csi.cam.ac.uk> <497F86CB.60904@att.com> <alpine.LSU.2.00.0901281434440.4546@hermes-2.csi.cam.ac.uk> <498088B8.9040404@pscs.co.uk> <alpine.LSU.2.00.0901291310080.4546@hermes-2.csi.cam.ac.uk> <4981C0D5.1010401@pscs.co.uk> <4981C6BD.2040900@att.com> <37F39FF37390694B69567838@PST.JCK.COM> <4981E1AB.9000002@att.com>
Hi Tony,

Some of the text in this message is from RFC 3207.

At 09:04 29-01-2009, Tony Hansen wrote:
>If we were to write an Errata against RFC 3207, I'd suggest text such as
>the following (in Errata format):
>
>Section:
>    4.2 Result of the STARTTLS Command
>
>Old text:
>    The server MUST discard any knowledge obtained from the client, such
>    as the argument to the EHLO command, which was not obtained from the
>    TLS negotiation itself.
>
>New text:
>    The server MUST discard any knowledge obtained from the client that
>    was not obtained from the TLS negotiation itself. The server state
>    is otherwise as if the connection had just been opened.
>
>Reason:
>    The example is misleading and has led some people to think that
>    knowledge of an EHLO having been sent previously should be
>    remembered.

Quoting the entire paragraph from the RFC:

  "Upon completion of the TLS handshake, the SMTP protocol is reset to
   the initial state (the state in SMTP after a server issues a 220
   service ready greeting). The server MUST discard any knowledge
   obtained from the client, such as the argument to the EHLO command,
   which was not obtained from the TLS negotiation itself. The client
   MUST discard any knowledge obtained from the server, such as the list
   of SMTP service extensions, which was not obtained from the TLS
   negotiation itself. The client SHOULD send an EHLO command as the
   first command after a successful TLS negotiation."

Updated text:

   Upon completion of the TLS handshake, the SMTP protocol is reset to
   the initial state (the state in SMTP after a server issues a 220
   service ready greeting). The server MUST discard any knowledge
   obtained from the client, such as command verbs and their arguments,
   that was not obtained from the TLS negotiation itself. The client
   MUST discard any knowledge obtained from the server, such as the list
   of SMTP service extensions, which was not obtained from the TLS
   negotiation itself. As the server state is as when an SMTP session
   is initiated, the client SHOULD send an EHLO command as the first
   command after a successful TLS negotiation.

>New text:
>    The client MUST send either an EHLO command or a HELO command as the
>    first command after a successful TLS negotiation.

As the two ends support EHLO, there is no need to have HELO there. I
suggest leaving the MUST to the next revision.

>Reason:
>    Since the state is reset to that of a connection having just been
>    opened, the requirement from RFC 5321 applies:
>
>       In any event, a client MUST issue HELO or EHLO before starting a
>       mail transaction.

I didn't use MUST for the EHLO because there isn't any restriction on
whether the client can only perform mail transactions in RFC 3207 or
RFC 5321.

In the updated text, it is implied that the client must not forget that
the server supports the STARTTLS extension. Do we expressly need to say
that? :-)

>Section:
>    4. The STARTTLS Command
>
>Old text:
>    The format for the STARTTLS command is:
>
>        STARTTLS
>
>    with no parameters.
>
>New text:
>    The format for the STARTTLS command is:
>
>        STARTTLS
>
>    with no parameters.
>
>    Because the server state machine is reset to an initial connection
>    state after negotiating TLS, and any modifications to the server
>    state will be lost, the client SHOULD NOT issue any MAIL
>    FROM or RCPT TO commands prior to using the STARTTLS command.

Agreed.

>Now for the $64k questions:
>
>1) Is there consensus behind this viewpoint?

See updated text.

>3) If so, who wants to file the Errata?

You have already volunteered. :-)

Regards,
-sm
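Added example, not from this thread or from RFC 3207/5321: a toy Python model of the server-side state reset the errata text describes. It has no sockets or real TLS (the handshake is assumed to succeed on the 220 reply), the server name `mx.example.invalid` and the client commands are constructed, and it shows why MAIL FROM before STARTTLS is wasted and why EHLO must be re-sent after the handshake.

```python
class SmtpSession:
    def __init__(self):
        self.reset(tls=False)

    def reset(self, tls):
        # RFC 3207 s4.2: forget everything learned from the client so far,
        # including the EHLO argument and any open mail transaction.
        self.tls, self.helo_name, self.mail_from = tls, None, None

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            self.helo_name = arg
            reply = ["250-mx.example.invalid"]  # constructed server name
            if verb == "EHLO" and not self.tls:
                reply.append("250-STARTTLS")  # never advertised once TLS is up
            return "\r\n".join(reply + ["250 OK"])
        if verb == "STARTTLS":
            if arg:
                return "501 STARTTLS takes no parameters"
            if self.tls:
                return "503 TLS already active"
            self.reset(tls=True)  # handshake assumed OK; state is as after the 220 greeting
            return "220 Ready to start TLS"
        if verb == "MAIL":
            if self.helo_name is None:  # RFC 5321: EHLO/HELO before any mail transaction
                return "503 Bad sequence of commands: send EHLO first"
            self.mail_from = arg
            return "250 OK"
        return "500 Command not recognized"


def run_session(lines):
    """Feed client command lines through one session; return the reply codes."""
    session = SmtpSession()
    return [session.handle(line)[:3] for line in lines]


# Constructed transcript: MAIL before STARTTLS is lost in the reset, and MAIL right
# after STARTTLS is refused because no EHLO has been sent over TLS yet.
TRANSCRIPT = [
    "EHLO client.example",    # 250, STARTTLS advertised
    "MAIL FROM:<a@example>",  # 250, but about to be discarded
    "STARTTLS",               # 220, session reset
    "MAIL FROM:<a@example>",  # 503, server no longer knows about the EHLO
    "EHLO client.example",    # 250, STARTTLS no longer advertised
    "MAIL FROM:<a@example>",  # 250
]
```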