Re: STARTTLS & EHLO
Tony Hansen <tony@att.com> Mon, 26 January 2009 17:05 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0QH53DZ023569 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 26 Jan 2009 10:05:03 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0QH53ue023568; Mon, 26 Jan 2009 10:05:03 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from mail146.messagelabs.com (mail146.messagelabs.com [216.82.241.147]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0QH4pjc023550 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <ietf-smtp@imc.org>; Mon, 26 Jan 2009 10:05:02 -0700 (MST) (envelope-from tony@att.com)
X-VirusChecked: Checked
X-Env-Sender: tony@att.com
X-Msg-Ref: server-5.tower-146.messagelabs.com!1232989492!11908758!1
X-StarScan-Version: 6.0.0; banners=-,-,-
X-Originating-IP: [144.160.20.54]
Received: (qmail 30355 invoked from network); 26 Jan 2009 17:04:52 -0000
Received: from sbcsmtp7.sbc.com (HELO mlpi135.enaf.sfdc.sbc.com) (144.160.20.54) by server-5.tower-146.messagelabs.com with AES256-SHA encrypted SMTP; 26 Jan 2009 17:04:52 -0000
Received: from enaf.sfdc.sbc.com (localhost.localdomain [127.0.0.1]) by mlpi135.enaf.sfdc.sbc.com (8.14.3/8.14.3) with ESMTP id n0QH4oS9002677 for <ietf-smtp@imc.org>; Mon, 26 Jan 2009 12:04:50 -0500
Received: from alph001.aldc.att.com (alph001.aldc.att.com [135.53.7.26]) by mlpi135.enaf.sfdc.sbc.com (8.14.3/8.14.3) with ESMTP id n0QH4mjP002654 for <ietf-smtp@imc.org>; Mon, 26 Jan 2009 12:04:49 -0500
Received: from aldc.att.com (localhost.localdomain [127.0.0.1]) by alph001.aldc.att.com (8.14.0/8.14.0) with ESMTP id n0QH4mGE001867 for <ietf-smtp@imc.org>; Mon, 26 Jan 2009 12:04:48 -0500
Received: from maillennium.att.com (mailgw1.maillennium.att.com [135.25.114.99]) by alph001.aldc.att.com (8.14.0/8.14.0) with ESMTP id n0QH4haP001761 for <ietf-smtp@imc.org>; Mon, 26 Jan 2009 12:04:43 -0500
Received: from [135.70.102.51] (vpn-135-70-102-51.vpn.swst.att.com[135.70.102.51](untrusted sender)) by maillennium.att.com (mailgw1) with ESMTP id <20090126170442gw1000u6ete> (Authid: tony); Mon, 26 Jan 2009 17:04:42 +0000
Message-ID: <497DED29.70402@att.com>
Date: Mon, 26 Jan 2009 12:04:41 -0500
From: Tony Hansen <tony@att.com>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: ietf-smtp@imc.org
Subject: Re: STARTTLS & EHLO
References: <497DE492.4080506@pscs.co.uk>
In-Reply-To: <497DE492.4080506@pscs.co.uk>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
At the heart of this question is whether a client is free to use an extension supported by the server if they haven't issued an EHLO? This question holds true for any extension, not just for STARTTLS. Is issuing an EHLO an enabler for the extension as well as a query to determine which extensions are supported by the server? To answer these questions, I note this text in RFC 5321 highlighted with >>><<<: 3.2. Client Initiation Once the server has sent the greeting (welcoming) message and the client has received it, the client normally sends the EHLO command to the server, indicating the client's identity. In addition to opening the session, use of EHLO >>>indicates that the client is able to process service extensions<<< and requests that the server provide a list of the extensions it supports. So this indicates to me that EHLO does indeed act as a gateway and enabler to the use of extensions. So I'd argue that a server is free to reject the use of any extensions unless a client has used EHLO prior to that. By extension, if you expect to use any further SMTP extensions after negotiating TLS, I think you MUST resend an EHLO. However, if you're *not* using any further extensions after STARTTLS was sent, I don't see a requirement. So consequently, since you say you're not using any other extensions, I don't see the case for them refusing the message at that point without the EHLO. Tony Hansen tony@att.com Paul Smith wrote: > We've just had a small issue come up wrt STARTTLS and I was wondering if > it was a mistake in RFC 3207, or just me :) > > We did a quick patch for someone and added STARTTLS into a new part of > our software in a special build. For speed of releasing the patch, we > didn't make it issue a new EHLO afterwards, based on section 4.2 of RFC 3207 > > " The client SHOULD send an EHLO command as the > first command after a successful TLS negotiation." > > > (SHOULD, not MUST). We were planning to add the extra EHLO in before > this went to a general release (we don't need to know about any > extensions other than that STARTTLS, so it's not necessary from our PoV) > . Anyway, 99.9% of the time, it's OK, but they have encountered one > recipient which refuses to accept the message in this case. So, they > seem to be treating the 'SHOULD' as 'MUST'. > > Now, earlier in section 4.2, it says " > > " The server MUST discard any knowledge > obtained from the client, such as the argument to the EHLO command, > which was not obtained from the TLS negotiation itself" > > > which I guess is why they are rejecting the message, because (since they > have discarded the fact that we have previously sent EHLO) they are > complaining that we haven't sent EHLO yet. > > So, should the 'SHOULD' be a 'MUST' in this RFC, or is the other server > incorrect? >
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Russ Allbery
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Paul Smith
- Re: STARTTLS & EHLO: Errata text? Paul Smith
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO: Errata text? Russ Allbery
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? Bill McQuillan
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? Tony Hansen
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Hector Santos
- Re: STARTTLS & EHLO SM
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Peter Bowyer
- Re: STARTTLS & EHLO Hector Santos
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Alessandro Vesely
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Alexey Melnikov
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- RFC 1123bis? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? SM