On Thu, 29 Jan 2009, [email protected] wrote:
>
> > I would like to suggest an alternative: how about saying
> >
> > The server MUST NOT trust any information obtained
> > from the client, such as command verbs and their arguments, prior to
> > the TLS negotiation.
> > The client MUST NOT trust any information obtained from the server,
> > such as the list of SMTP service extensions,
> > prior to the TLS negotiation.
> >
> > This avoids the whole issue of what the client/server must and must not
> > remember.
>
> Very clever - it focuses on the real issue and avoids the slippery slope. I
> like it a lot. This is definitely the way to go.

+1

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
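
One way to act on the two MUST NOT rules quoted above, as an added example that is not part of the original thread or of any mail server's code: a small state model in which everything learned before the TLS negotiation is dropped once TLS is up. `parse_ehlo`, `ClientState`, `ServerState` and the sample replies are hypothetical names and constructed data, and the model assumes the handshake succeeds as soon as STARTTLS is accepted.

```python
# Added illustration; class names and sample SMTP data are constructed.
PRE_TLS_REPLY = "250-mx.example.net\r\n250-STARTTLS\r\n250 AUTH PLAIN\r\n"
POST_TLS_REPLY = "250-mx.example.net\r\n250 SIZE 1000\r\n"

def parse_ehlo(reply):
    """Return the extension keywords of a multi-line 250 EHLO reply."""
    exts = set()
    for line in reply.strip().split("\r\n")[1:]:   # line 0 is the greeting
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError("unexpected reply line: %r" % line)
        exts.add(line[4:].split(" ", 1)[0].upper())
    return exts

class ClientState:
    """Client: extensions learned in cleartext are not carried into TLS."""
    def __init__(self):
        self.tls, self.extensions = False, set()
    def on_ehlo_reply(self, reply):
        self.extensions = parse_ehlo(reply)
    def on_tls_established(self):
        self.tls, self.extensions = True, set()    # must EHLO again
    def may_use(self, ext):
        return ext.upper() in self.extensions

class ServerState:
    """Server: pre-TLS verbs, arguments and buffered bytes are dropped."""
    def __init__(self):
        self.tls, self.helo, self.mail_from, self.inbuf = False, None, None, b""
    def feed(self, data):
        """Process complete lines; return the verbs that were acted on."""
        self.inbuf += data
        handled = []
        while b"\r\n" in self.inbuf:
            line, self.inbuf = self.inbuf.split(b"\r\n", 1)
            verb, _, arg = line.decode("ascii", "replace").partition(" ")
            verb = verb.upper()
            handled.append(verb)
            if verb == "EHLO":
                self.helo = arg
            elif verb == "MAIL":
                self.mail_from = arg
            elif verb == "STARTTLS":
                # Assumption: handshake succeeds. Reset everything learned
                # in cleartext, including bytes pipelined after STARTTLS.
                self.tls, self.helo, self.mail_from = True, None, None
                self.inbuf = b""
                break
        return handled
```
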
