Hi Brenden - I think that the document is correct and non-conflicting as it stands.
The text in 6.1.1 requires that STARTTLS be implemented. The text in 6.2.2 and 11.2 requires that STARTTLS or "some other mechanism" be used. In other words, you can use other protection mechanisms instead of STARTTLS, but you MUST implement STARTTLS even if you use another mechanism. The idea is to require a common mechanism that will work for everybody, even if the implementor intends to use a different mechanism in his particular environment. Examples of other mechanisms include SSL and Kerberos encryption (negotiated through SASL). -- Mark --
