Re: POP handling commands given in wrong state
Paul Smith <paul@pscs.co.uk> Tue, 26 July 2011 13:45 UTC
Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p6QDj0Xk003605 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 26 Jul 2011 06:45:00 -0700 (MST) (envelope-from owner-ietf-pop3ext@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p6QDj0Fx003604; Tue, 26 Jul 2011 06:45:00 -0700 (MST) (envelope-from owner-ietf-pop3ext@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-pop3ext@mail.imc.org using -f
Received: from mail.pscs.co.uk (mail.pscs.co.uk [46.20.224.92]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p6QDivU8003594 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-pop3ext@imc.org>; Tue, 26 Jul 2011 06:44:58 -0700 (MST) (envelope-from prvs=018878D732=paul@pscs.co.uk)
Received: from lmail.pscs.co.uk ([217.155.61.14]) by mail.pscs.co.uk ([46.20.224.92] running VPOP3) with ESMTP; Tue, 26 Jul 2011 14:39:57 +0100
Received: from [192.168.66.100] ([192.168.66.100]) by lmail.pscs.co.uk ([192.168.66.70] running VPOP3) with ESMTP; Tue, 26 Jul 2011 14:32:17 +0100
Message-ID: <4E2EC1E0.7010504@pscs.co.uk>
Date: Tue, 26 Jul 2011 14:32:16 +0100
From: Paul Smith <paul@pscs.co.uk>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.18) Gecko/20110616 Lightning/1.0b2 Thunderbird/3.1.11
MIME-Version: 1.0
To: Mykyta Yevstifeyev <evnikita2@gmail.com>
CC: ietf-pop3ext@imc.org
Subject: Re: POP handling commands given in wrong state
References: <4E2E49AC.9090207@gmail.com> <4E2E7708.3080004@pscs.co.uk> <4E2E8762.5030805@gmail.com> <4E2E8E10.9070209@pscs.co.uk> <4E2EBEC5.1000306@gmail.com>
In-Reply-To: <4E2EBEC5.1000306@gmail.com>
Content-Type: multipart/alternative; boundary="------------050608030700090309090108"
X-Authenticated-Sender: paul
X-Server: VPOP3 Enterprise V4.0.0e - Registered
X-Organisation: Paul Smith Computer Services
Sender: owner-ietf-pop3ext@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pop3ext/mail-archive/>
List-ID: <ietf-pop3ext.imc.org>
List-Unsubscribe: <mailto:ietf-pop3ext-request@imc.org?body=unsubscribe>
On 26/07/2011 14:19, Mykyta Yevstifeyev wrote: >> Going straight from session establishment into transaction state >> seems wrong to me, given the base POP3 spec which POP3-over-TLS is >> building on. > The matter is that many POP servers support authentication using X.509 > certificate which was supplied during TLS negotiation and do not > require further authentication. In such case issuing USER will lead > to -ERR, as the server is already in TRANSACTION then. Other servers > implement POP-over-TLS so that further authentication is also required > (eg. Gmail, which I personally am using). > >> >> >> BTW - why are you looking at POP3-over-TLS? Isn't this idea obsolete >> - isn't the 'STLS' command (RFC 2595) the way we should be doing >> things now? I thought the POP3S way was deprecated. >> >> Note that the RFC 2595 says: >> "The STLS command is only permitted in AUTHORIZATION state and the >> server remains in AUTHORIZATION state, even if client credentials are >> supplied during the TLS negotiation." so with STLS you have to >> authenticate (not sure why it's called 'authorization' state when >> it's really 'authentication' state, but that's not relevant) even if >> the TLS has already supplied the user details. > Yes, RFC 2595 discouraged use of POP-over-TLS. However, it is now > used even wider than STLS, which led to effort to document this mode. > See above for note on why authorization might not be necessary after > TLS negotiation. Hmm, I think if you are talking about existing implementations using a deprecated system, then trying to alter the behaviour of them is unlikely to achieve anything... Personally, I'd say that a POP3 server that skips the authorization state because of the certificate is not standards compliant, because there is no standard which allows that behaviour. RFC 1939 section 3 says "Once the TCP connection has been opened and the POP3 server has sent the greeting, the session enters the AUTHORIZATION state. In this state, the client must identify itself to the POP3 server." Potentially, the client could identify itself using the certificate - HOWEVER, this has to happen *after the POP3 server has sent the greeting* for it to be standards compliant, so it can't be done using the certificate with POP3-over-TLS (it could have been, using the STLS extension, except that specifically excludes that option) So, any server which does not enter AUTHORIZATION state after the connection has been opened and the POP3 server has sent the greeting is NOT RFC 1939 compliant. If you are wanting to change the behaviour of existing POP3-over-TLS server implementations so they send a POP3 extended response, then you should rather change their behaviour so they are compliant to the existing RFC 1939 instead... If you are just wanting to document existing behaviour, then this doesn't matter, as neither the extended response nor standard compliant behaviour is possible. IMHO
- Re: POP handling commands given in wrong state Mykyta Yevstifeyev
- Re: POP handling commands given in wrong state Chris Newman
- Re: POP handling commands given in wrong state Mykyta Yevstifeyev
- Re: POP handling commands given in wrong state Paul Smith
- Re: POP handling commands given in wrong state Mykyta Yevstifeyev
- Re: POP handling commands given in wrong state Mykyta Yevstifeyev
- Re: POP handling commands given in wrong state Randall Gellens
- Re: POP handling commands given in wrong state Randall Gellens
- Re: POP handling commands given in wrong state Randall Gellens
- Re: POP handling commands given in wrong state Paul Smith
- Re: POP handling commands given in wrong state Paul Smith
- Re: POP handling commands given in wrong state Randall Gellens
- Re: POP handling commands given in wrong state Mykyta Yevstifeyev
- Re: POP handling commands given in wrong state Paul Smith
- Re: POP handling commands given in wrong state Mykyta Yevstifeyev
- Re: POP handling commands given in wrong state Paul Smith
- POP handling commands given in wrong state Mykyta Yevstifeyev
- Re: Fwd: I-D Action: draft-yevstifeyev-pop-wrong-… Paul Smith
- Re: Fwd: I-D Action: draft-yevstifeyev-pop-wrong-… Mykyta Yevstifeyev
- Re: Fwd: I-D Action: draft-yevstifeyev-pop-wrong-… Chris Newman
- Re: Fwd: I-D Action: draft-yevstifeyev-pop-wrong-… Mykyta Yevstifeyev
- Re: Fwd: I-D Action: draft-yevstifeyev-pop-wrong-… Chris Newman
- Re: POP handling commands given in wrong state Alexey Melnikov
- Fwd: I-D Action: draft-yevstifeyev-pop-wrong-stat… Mykyta Yevstifeyev