chibenwa commented on PR #3049: URL: https://github.com/apache/james-project/pull/3049#issuecomment-4544996132
> The additional announcement has been introduced this year and is not included in any release, I think. It was backported to previous release branches I presume, not yet released > Do you still remember what the initial reason was for announcing capabilities after authentication? Was there some client that expected James to do so? A security report originating from a large mailing company (this is PMC private so I cannot disclose it) This was not a security issue but more the fact we do not re-advertize capability after STARTTLS > Regardless, the ABNF in the RFC is quite clear that it should only happen if a SASL security layer has been negotiated. Then fair sorry I may have misunderstood the ABNF or read the RFC too quickly. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
