Re: STARTTLS & EHLO
John C Klensin <john+smtp@jck.com> Mon, 26 January 2009 17:57 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0QHvXZm027593 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 26 Jan 2009 10:57:33 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0QHvXSP027592; Mon, 26 Jan 2009 10:57:33 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from bs.jck.com (ns.jck.com [209.187.148.211]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0QHvLgJ027582 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for <ietf-smtp@imc.org>; Mon, 26 Jan 2009 10:57:33 -0700 (MST) (envelope-from john+smtp@jck.com)
Received: from [127.0.0.1] (helo=localhost) by bs.jck.com with esmtp (Exim 4.34) id 1LRVi4-000FMw-Go; Mon, 26 Jan 2009 12:57:20 -0500
Date: Mon, 26 Jan 2009 12:57:19 -0500
From: John C Klensin <john+smtp@jck.com>
To: Tony Hansen <tony@att.com>, ietf-smtp@imc.org
Subject: Re: STARTTLS & EHLO
Message-ID: <62F21B7FAF870CE227D9F6CC@[192.168.1.118]>
In-Reply-To: <497DED29.70402@att.com>
References: <497DE492.4080506@pscs.co.uk> <497DED29.70402@att.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
--On Monday, January 26, 2009 12:04 PM -0500 Tony Hansen <tony@att.com> wrote: > > At the heart of this question is whether a client is free to > use an extension supported by the server if they haven't > issued an EHLO? This question holds true for any extension, > not just for STARTTLS. Is issuing an EHLO an enabler for the > extension as well as a query to determine which extensions are > supported by the server? > > To answer these questions, I note this text in RFC 5321 > highlighted with >>>> <<<: > > 3.2. Client Initiation > > Once the server has sent the greeting (welcoming) message > and the client has received it, the client normally sends > the EHLO command to the server, indicating the client's > identity. In addition to opening the session, use of EHLO > >>>indicates that the client is able to process service > extensions<<< and requests that the server provide a list > of the extensions it supports. > > So this indicates to me that EHLO does indeed act as a gateway > and enabler to the use of extensions. So I'd argue that a > server is free to reject the use of any extensions unless a > client has used EHLO prior to that. Indeed. Also, while I don't have time to find it right now, I'm quite sure that there is a statement in 5321 that says that the client MUST NOT try to exercise any extension not explicitly offered by the server. > By extension, if you expect to use any further SMTP extensions > after negotiating TLS, I think you MUST resend an EHLO. Yes, that is certainly how I would read the quoted 3207 text. > However, if you're *not* using any further extensions after > STARTTLS was sent, I don't see a requirement. So consequently, > since you say you're not using any other extensions, I don't > see the case for them refusing the message at that point > without the EHLO. Right. The quoted 3207 text says to me that the server is required discard the data sent earlier by the client as part of EHLO. I don't see any expectation that it be required to discard the fact that EHLO was sent. Indeed, unless there is something else in 3207, the client isn't even required to discard the response from EHLO with the server-supported feature list, so one can make a case that it is not necessary to reissue EHLO at all, although a client that does not do so should expect "no, bozo, I will accept that extension from some domains and not others, and you are not one of the permitted ones" response from the server. If that is a plausible reading of 3207, then it could probably do with a bit of clarification. john
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Russ Allbery
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Paul Smith
- Re: STARTTLS & EHLO: Errata text? Paul Smith
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO: Errata text? Russ Allbery
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? Bill McQuillan
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? Tony Hansen
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Hector Santos
- Re: STARTTLS & EHLO SM
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Peter Bowyer
- Re: STARTTLS & EHLO Hector Santos
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Alessandro Vesely
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Alexey Melnikov
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- RFC 1123bis? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? SM