On Tue, 24 Jun 2003, Simon Josefsson wrote: > Mark Crispin <[EMAIL PROTECTED]> writes: > > The IMAP specification (RFC 3501) doesn't allow STARTTLS after > > authentication (since STARTTLS is a Not Authenticated state command). > STARTTLS does not enter the Authenticated state, according to 3501.
That's correct. However, that wasn't my point. The point was that, after issuing a LOGIN or AUTHENTICATE command, STARTTLS was invalid since it's only valid in Not Authenticated state. So multiple STARTTLS is only an issue prior to LOGIN or AUTHENTICATE. > I wonder if all servers follow this though, I recall seeing servers > that put you in the authenticated state after (client authenticated) > STARTTLS, even without a SASL EXTERNAL login. Such a server would be broken. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum.
