Re: Last Call: SMTP Service Extension for Secure SMTP over TLS to Proposed Standard

[ned.freed@xxxxxxxxxxx]

> > The successor of RFC 2487 with those backwards-compatibility-compatibility
> > requirements will actually be easier to implement than RFC 2487. Here's
> > some RFC 2487 fun:
> >
> >    After receiving a 220 response to a STARTTLS command, the client
> >    SHOULD start the TLS negotiation before giving any other SMTP
> >    commands.
> >
> > I.e., when the server expects a Client Hello message (in whatever
> > format), it may receive an SMTP command in plain ASCII instead if the
> > client has decided that it does not want to use TLS after all.

> because it's only a SHOULD and not a MUST.
> I agree, that's a bug in the spec.

I also agree that this is a bug and it needs to be changed.

				Ned