You have a point; and this is something that should be addressed in a
document revision.
The IMAP specification (RFC 3501) doesn't allow STARTTLS after
authentication (since STARTTLS is a Not Authenticated state command).
I believe that:
. multiple STARTTLS is absurd
. a port 993 server (SSL IMAP) should not advertise the STARTTLS
capability
. a port 143 server should not advertise the STARTTLS capability after
STARTTLS has been negotiated
. if the STARTTLS capability has not been advertised, the appropriate
response to the STARTTLS command is a "BAD Unknown command" error.
Anyway, this is what my server does, and nobody has flamed about it.
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
