Re: STARTTLS & EHLO: Errata text?

[Bill McQuillan <McQuilWP@pobox.com>]

On Thu, 2009-01-29, Tony Hansen wrote:

> If we were to write an Errata against RFC 3207, I'd suggest text such as
> the following (in Errata format):

> Section:
>    4.2 Result of the STARTTLS Command

> Old text:
>    The server MUST discard any knowledge obtained from the client, such
>    as the argument to the EHLO command, which was not obtained from the
>    TLS negotiation itself.

> New text:
>    The server MUST discard any knowledge obtained from the client that
>    was not obtained from the TLS negotiation itself. The server state
>    is otherwise as if the connection had just been opened.

This could be read to mean that the server should send the 220 greeting
again. I don't think that's what you want. I think the phrase should be
"initial state" instead of "connection had just been opened".

> Reason:
>    The example is misleading and has lead some people to think that
>    knowledge of an EHLO having been sent previously should be
>    remembered.

[...]

> Section:
>    4. The STARTTLS Command

> Old text:
>    The format for the STARTTLS command is:

>    STARTTLS

>    with no parameters.

> New text:
>    The format for the STARTTLS command is:

>    STARTTLS

>    with no parameters.

>    Because the server state machine is reset to an initial connection
>    state after negotiating TLS, and any modifications to the server
>    state will be lost, the client SHOULD NOT issue any MAIL
>    FROM or RCPT TO commands prior to using the STARTTLS command.

This does not address the issue of one or more complete messages having
been sent prior to the STARTTLS command. Does this mean that such messages
should be discarded even though the "250 OK" response has been sent for
them?

All right, that's a bit of a stretch, but if we're talking about clarity
of the language, let's be clear.


-- 
Bill McQuillan <McQuilWP@pobox.com>