
Re: draft-hoffman-rfc2487bis-03.txt



On Tue, Aug 29, 2000 at 10:26:23AM -0700, Paul Hoffman / IMC wrote:
> At 10:28 AM +0200 8/29/00, Bodo Moeller wrote:

>> If, after having issued the STARTTLS command, the client finds out
>> that some failure prevents it from actually starting a TLS handshake,
>> then it should just abort the connection.

> I'm OK with this if everyone else is. It feels weird to me on a 
> protocol level, but I'm not an implementor. More opinions are welcome.

Maybe it *feels* weird, but requiring the server to detect whether
the bytes from the client are plain commands or a TLS/SSL record
*is* weird :-)

It just happens that none of the currently defined ContentType values
is a valid ASCII character, so it is in fact possible to tell a TLS
record from an SMTP command; but there is no systematic reason for
this.  If you were to draw a state machine for SMTP with the STARTTLS
extension, then currently the most natural way to do this would be to
handle the peer's protocol data non-deterministically at this point of
the protocol, which doesn't easily translate into an implementation.

For having a well-structured implementation, you want to have a
clearly defined point during protocol execution where the TLS layer
starts to handle the network connection, with the SMTP protocol
implementation running on top of that.  And I bet that even the less
well structured implementations make this assumption :-)


-- 
Bodo Möller <moeller@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
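Added illustration (not part of the thread above, and not any implementation Bodo or the draft describes): the two approaches the message contrasts, modelled in Python. `sniff()` is the "non-deterministic" design that guesses from byte 0 whether the peer sent a TLS record or an SMTP command; it works only because the ContentType values in RFC 2246 (20 through 23) happen to fall outside printable ASCII, which `content_types_collide_with_ascii()` checks. `StartTlsServer` is the structured design: a single hand-over point after the 220 reply, past which every byte goes to the TLS record layer (modelled as a plain buffer) and is never parsed as SMTP again. All inputs, the hostname and the reply strings are constructed for the example.

```python
"""Added example: sniffing vs. an explicit STARTTLS hand-over point.

ContentType values are taken from RFC 2246 section 6.2.1; everything
else here (hostname, reply text, client bytes) is constructed.
"""
from typing import List

# TLS record layer ContentType values defined by RFC 2246.
TLS_CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
PRINTABLE_ASCII = range(0x20, 0x7F)  # where SMTP command verbs live


def content_types_collide_with_ascii() -> bool:
    """True if any defined ContentType is also a printable ASCII byte.

    This is the accident the sniffing approach relies on: today it
    returns False, but neither protocol guarantees it stays that way.
    """
    return any(ct in PRINTABLE_ASCII for ct in TLS_CONTENT_TYPES)


def sniff(data: bytes) -> str:
    """Non-deterministic approach: guess the peer's protocol from byte 0."""
    if not data:
        return "unknown"
    first = data[0]
    if first in TLS_CONTENT_TYPES:
        return "tls"
    if first in PRINTABLE_ASCII:
        return "smtp"
    return "unknown"


class StartTlsServer:
    """Structured approach: one explicit hand-over point, no sniffing.

    Before STARTTLS, incoming bytes are SMTP command lines.  Once the
    220 reply has been issued, every byte is handed to the TLS record
    layer (a buffer here) and is never interpreted as SMTP again.
    """

    def __init__(self, hostname: str = "mx.example") -> None:
        self.hostname = hostname          # constructed name
        self.tls_active = False
        self.tls_layer_input = bytearray()  # stands in for the TLS layer

    def feed(self, data: bytes) -> List[str]:
        """Consume raw client bytes; return the cleartext SMTP replies."""
        if self.tls_active:
            # Past the hand-over point: no SMTP parsing, whatever arrives.
            self.tls_layer_input += data
            return []

        replies: List[str] = []
        buf = data
        while buf:
            line, sep, buf = buf.partition(b"\r\n")
            if not sep:
                # Incomplete line; a real server would keep it pending.
                break
            words = line.split()
            verb = words[0].upper() if words else b""
            if verb == b"EHLO":
                replies.append(f"250-{self.hostname}")
                replies.append("250 STARTTLS")
            elif verb == b"STARTTLS":
                replies.append("220 Ready to start TLS")
                self.tls_active = True
                # Hand-over point: bytes after the STARTTLS line are no
                # longer SMTP, so they belong to the TLS layer.
                self.tls_layer_input += buf
                break
            else:
                replies.append("250 OK")
        return replies
```

The point of the second class is that the server never has to ask what a byte "looks like": its state machine decides which layer owns the connection, and a command line that arrives after the hand-over is simply invalid TLS input for the record layer to reject, not an SMTP command to execute.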