Re: draft-hoffman-rfc2487bis-03.txt

[Eric Rescorla <ekr@xxxxxxxxxxxxxxx>]

Marc Shannon <Marc.Shannon@xxxxxxx> writes:

> > > A server which does not have a certificate installed and which does not
> > > support any anonymous ciphers SHOULD NOT advertise the STARTTLS keyword
> > > as it is not currently able to negotiate the use of TLS.
> 
> > It's an case which implementors commonly get wrong.
> 
> Further, it's also an area where past SMTP proxy servers have made mistakes.
> The proxy servers attempt to validate the SMTP commands as a
> man-in-the-middle, passing through the STARTTLS option knowing full well
> that they won't allow for TLS negotiation anyway. In one particular case,
> the proxy server responded "250 OK" to the STARTTLS command (and, in fact,
> it responded that way to _any_ unrecognized command) leading to a serious
> communications breakdown as the client was starting to negotiate TLS while
> the server was happily awaiting its next plain-text command.
As you suggest, I'd be happy to see a blanket statement that if you're
not prepared to negotiate TLS you shouldn't advertise STARTTLS.

The point I was trying to make is that there are all sorts of ways
to not be actually ready to negotiate TLS that are no more stupid
than not having a certificate. For instance not negotiating
any cipher suites or having a certificate that doesn't match
your cipher suite or whatever. (I definitely see this one a lot)
I don't see the point of specially mentioning this one.

-Ekr