Re: POP handling commands given in wrong state

Randall Gellens <randy@Qualcomm.Com> Tue, 26 July 2011 13:20 UTC

Received: from (localhost []) by (8.14.4/8.14.3) with ESMTP id p6QDKtQK002204 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 26 Jul 2011 06:20:56 -0700 (MST) (envelope-from
Received: (from majordom@localhost) by (8.14.4/8.13.5/Submit) id p6QDKt6K002203; Tue, 26 Jul 2011 06:20:55 -0700 (MST) (envelope-from
X-Authentication-Warning: majordom set sender to using -f
Received: from ( []) by (8.14.4/8.14.3) with ESMTP id p6QDKs4s002198 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <>; Tue, 26 Jul 2011 06:20:54 -0700 (MST) (envelope-from
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=qcdkim; t=1311686470; x=1343222470; h=message-id:in-reply-to:references:x-mailer:date:to:from: subject:cc:mime-version:content-type:x-random-sig-tag: x-originating-ip; z=Message-ID:=20<p0624060cca546d8a1a68@[]> |In-Reply-To:=20<>|References: =20<>=20<4E2E7708.3080004@pscs.>=0D=0A=20<>|X-Mailer:=20E udora=20for=20Mac=20OS=20X|Date:=20Tue,=2026=20Jul=202011 =2006:17:24=20-0700|To:=20Mykyta=20Yevstifeyev=20<evnikit>,=20Paul=20Smith=20<>|From: =20Randall=20Gellens=20<>|Subject:=20Re :=20POP=20handling=20commands=20given=20in=20wrong=20stat e|CC:=20<>,=20Alexey=20Melnikov=20<al>|MIME-Version:=201.0 |Content-Type:=20text/plain=3B=20charset=3D"us-ascii"=3B =20format=3Dflowed|X-Random-Sig-Tag:=201.0b28 |X-Originating-IP:=20[]; bh=Yl0FZjYeaM38dbUwZeRqG9f85NWHwhQqCt/+9JhNtl8=; b=DdmRMl0H6ZDv2XUPgpyWv0c6dXz+VA53Ml8tbImc2VPL/kcbq5Q/S+wv qtdpQFljWMsdJ++j4t6f3vvl01HC6YRGs0G9/gxNbRNaw/bl9YRdzUUmu KjjhLBRixT8hX2txuNvQAdIEywwLkCn5idWekq9z+JLL9J4Yj8kdk9Mme 4=;
X-IronPort-AV: E=McAfee;i="5400,1158,6418"; a="105962769"
Received: from ([]) by with ESMTP; 26 Jul 2011 06:21:09 -0700
X-IronPort-AV: E=Sophos;i="4.67,266,1309762800"; d="scan'208";a="118417072"
Received: from ([]) by with ESMTP/TLS/AES128-SHA; 26 Jul 2011 06:21:08 -0700
Received: from [] ( by ( with Microsoft SMTP Server (TLS) id 14.1.323.0; Tue, 26 Jul 2011 06:21:08 -0700
Message-ID: <p0624060cca546d8a1a68@[]>
In-Reply-To: <>
References: <> <> <>
X-Mailer: Eudora for Mac OS X
Date: Tue, 26 Jul 2011 06:17:24 -0700
To: Mykyta Yevstifeyev <>, Paul Smith <>
From: Randall Gellens <randy@Qualcomm.Com>
Subject: Re: POP handling commands given in wrong state
CC: <>, Alexey Melnikov <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Random-Sig-Tag: 1.0b28
X-Originating-IP: []
Precedence: bulk
List-Archive: <>
List-ID: <>
List-Unsubscribe: <>

At 12:22 PM +0300 7/26/11, Mykyta Yevstifeyev wrote:

>  I meant just the situation like this.  Eg., when one is using 
> POP3-over-TLS whereas TLS connection is established before POP 
> transaction starts, TLS negotiation may be used instead USER-PASS 
> or AUTH authentication, entering the server into the TRANSACTION 
> state; on the other hand, the server may require authentication 
> under TLS layer, entering AUTHORIZATION state after establishing 
> TLS connection.  I and Alexey Melnikov are currently working on the 
> POP-over-TLS specification 
> ( 
> and the problem is that the client don't know what state is the 
> server in after TLS negotiation.  If the client tries giving USER 
> and received -ERR, it may mean that the user name is unknown or 
> that the user is authenticated already, and the client can't know 
> for sure what does it mean.  Don't you have other idea of 
> indicating the state?

Per RFC 4206, the server should issue the AUTH-RESP-CODE capability 
tag, indicating "that the server includes the AUTH response code with 
any authentication error caused by a problem with the user's 
credentials" and then in the case you cite, don't issue the AUTH 
response code in an -ERR response to USER.

By issuing the AUTH response code and then not including the AUTH 
response code, that indicates that the error has nothing to do with 
the user's credentials.

I agree that you would have to infer that the user is already 
authenticated, which isn't as nice as having an explicit response 
code.  I'm not sure if it's worth adding the explicit tag or not, but 
don't have an objection to it.

Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly selected tag: ---------------
Think twice before speaking, but don't say "think think click click".