I'm currently implementing TLS in my IMAP server and have noticed
what I think is a minor inconsistency in RFC2595.
If you look at RFC2487 (SMTP over TLS), it is very explicit (section 5.2)
about not issuing STARTTLS if a secure session is already active, yet
this is not stated anywhere for any of the three protocols covered by
RFC2595, as far as I can tell.
In one sense, I guess it can be *inferred* for IMAP because the client is
required to flush any information it has cached about server capabilities,
but it is never actually stated in as many words - and there's nothing
there that says that the IMAP server should suppress the STARTTLS
capability keyword after successful TLS negotiation either - all it says is
"The server MAY advertise different capabilities after STARTTLS",
which even appears to suggest that the server can advertise
STARTTLS again if it wants.
I assume that in fact the same conditions pertain as in SMTP? I.e.,
that a client must not attempt to issue STARTTLS when a secure session
has already been negotiated? It clearly makes no sense at all to attempt
to do this, but sure as fate you can guarantee someone will try it
sometime... ;-)
In the event that someone *does* attempt to do this, should the resulting
error from the server be "NO" or "BAD"? I would presume "BAD", but
would appreciate guidance.
If this is covered in recent IMAP drafts, I'm sorry to have wasted your
time - I don't have a recent draft here, and RFC2595 is still shown as
"proposed standard" in the rfc index.
Cheers!
-- David --
------------------ David Harris -+- Pegasus Mail ----------------------
Box 5451, Dunedin, New Zealand | e-mail: [EMAIL PROTECTED]
Phone: +64 3 453-6880 | Fax: +64 3 453-6612
On the box of a clockwork toy from Hong Kong:
"Guaranteed to work throughout its useful life."
--
-----------------------------------------------------------------
For information about this mailing list, and its archives, see:
http://www.washington.edu/imap/imap-list.html
-----------------------------------------------------------------