Re: POP handling commands given in wrong state

Mykyta Yevstifeyev <> Wed, 27 July 2011 04:56 UTC

Received: from (localhost []) by (8.14.4/8.14.3) with ESMTP id p6R4uOOQ046031 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 26 Jul 2011 21:56:24 -0700 (MST) (envelope-from
Received: (from majordom@localhost) by (8.14.4/8.13.5/Submit) id p6R4uOlo046030; Tue, 26 Jul 2011 21:56:24 -0700 (MST) (envelope-from
X-Authentication-Warning: majordom set sender to using -f
Received: from ( []) by (8.14.4/8.14.3) with ESMTP id p6R4uLv7046025 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL) for <>; Tue, 26 Jul 2011 21:56:22 -0700 (MST) (envelope-from
Received: by ewy20 with SMTP id 20so1694374ewy.16 for <>; Tue, 26 Jul 2011 21:56:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; bh=sqXCVGL8RQEP6PrvfSTL6CTJaP14qqMaMj4G+PUpqy8=; b=wW9senCeCO+2cv9SoYgdCQ1bZ70BdsSLaZ3+FYCtNYwAcrmU66Leujsv/ztiI7PELU 8HJ0iI0B0zz08e34BlVTH9A6npZnBHPicX9Ear5vuutJKDsq4hu5rlDBFMDGXW+yl+Nd 2S/gGiO+HzAyjV00puhpL6LhHWuU9wSewte50=
Received: by with SMTP id m18mr311066bkr.138.1311742596113; Tue, 26 Jul 2011 21:56:36 -0700 (PDT)
Received: from [] ([]) by with ESMTPS id x19sm240537bkt.42.2011. (version=SSLv3 cipher=OTHER); Tue, 26 Jul 2011 21:56:35 -0700 (PDT)
Message-ID: <>
Date: Wed, 27 Jul 2011 07:57:11 +0300
From: Mykyta Yevstifeyev <>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: Paul Smith <>
CC:, Alexey Melnikov <>
Subject: Re: POP handling commands given in wrong state
References: <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------030708020903000000070100"
Precedence: bulk
List-Archive: <>
List-ID: <>
List-Unsubscribe: <>

26.07.2011 16:32, Paul Smith wrote:
> On 26/07/2011 14:19, Mykyta Yevstifeyev wrote:
>>> Going straight from session establishment into transaction state 
>>> seems wrong to me, given the base POP3 spec which POP3-over-TLS is 
>>> building on.
>> The matter is that many POP servers support authentication using 
>> X.509 certificate which was supplied during TLS negotiation and do 
>> not require further authentication.  In such case issuing USER will 
>> lead to -ERR, as the server is already in TRANSACTION then.  Other 
>> servers implement POP-over-TLS so that further authentication is also 
>> required (eg. Gmail, which I personally am using).
>>> BTW - why are you looking at POP3-over-TLS? Isn't this idea obsolete 
>>> - isn't the 'STLS' command (RFC 2595) the way we should be doing 
>>> things now? I thought the POP3S way was deprecated.
>>> Note that the RFC 2595 says:
>>> "The STLS command is only permitted in AUTHORIZATION state and the 
>>> server remains in AUTHORIZATION state, even if client credentials 
>>> are supplied during the TLS negotiation." so with STLS you have to 
>>> authenticate (not sure why it's called 'authorization' state when 
>>> it's really 'authentication' state, but that's not relevant) even if 
>>> the TLS has already supplied the user details.
>> Yes, RFC 2595 discouraged use of POP-over-TLS.  However, it is now 
>> used even wider than STLS, which led to effort to document this 
>> mode.  See above for note on why authorization might not be necessary 
>> after TLS negotiation.
> Hmm, I think if you are talking about existing implementations using a 
> deprecated system, then trying to alter the behaviour of them is 
> unlikely to achieve anything...
I wouldn't say it is deprecated; POP-over-TLS is used even more often 
that STLS, as I've already mentioned.  We're trying to give it the 
official documentation and set the standard behavior of the server/client.
> Personally, I'd say that a POP3 server that skips the authorization 
> state because of the certificate is not standards compliant, because 
> there is no standard which allows that behaviour.
> RFC 1939 section 3 says "Once the TCP connection has been opened and 
> the POP3 server has sent the greeting, the session enters the 
> AUTHORIZATION state. In this state, the client must identify itself to 
> the POP3 server."
In our case the AUTHORIZATION is safely replaced by TLS negotiation.  It 
also happens directly after TCP connection, but skipping the greeting, 
which is replaced by TLS ServerHello message.
> Potentially, the client could identify itself using the certificate - 
> HOWEVER, this has to happen *after the POP3 server has sent the 
> greeting* for it to be standards compliant, so it can't be done using 
> the certificate with POP3-over-TLS (it could have been, using the STLS 
> extension, except that specifically excludes that option)
This assumes use of STLS, which performs TLS negotiation during POP3 
session.  POP-over-TLS deliberately makes use of TLS before POP session.
> So, any server which does not enter AUTHORIZATION state after the 
> connection has been opened and the POP3 server has sent the greeting 
> is NOT RFC 1939 compliant.
See above.  Server greeting = ServerHello TLS message; authentication = 
TLS negotiation.
> If you are wanting to change the behaviour of existing POP3-over-TLS 
> server implementations so they send a POP3 extended response, then you 
> should rather change their behaviour so they are compliant to the 
> existing RFC 1939 instead...
They can't be anyway as some required steps of RFC 1939 are replaced by 
TLS steps.  This results in a modified protocol.
> If you are just wanting to document existing behaviour, then this 
> doesn't matter, as neither the extended response nor standard 
> compliant behaviour is possible.
But if we try to unify all existing behavior, this will be great, won't it?

Mykyta Yevstifeyev