chibenwa commented on PR #3049: URL: https://github.com/apache/james-project/pull/3049#issuecomment-4545048445
> Once a SASL security layer is established, the server MUST re-issue the capability results, followed by an OK response. My interpretation was SASL = AUTH hence the code. I disregarded "security layer" But it is immediatly followed by > This is necessary to protect against man-in-the-middle attacks that alter the capabilities list prior to SASL negotiation. The capability results MUST include all SASL mechanisms the server was capable of negotiating with that client. So understanding this as ` Once a *STARTTLS* security layer is established, the server MUST re-issue the capability results, followed by an OK response.` is indeed a better call. Thanks for catching it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
