[Imap-protocol] Pipelined commands before completion of STARTTLS

Ken Murchison murch at andrew.cmu.edu
Tue Mar 8 12:25:18 PST 2011

Next message: [Imap-protocol] Pipelined commands before completion of STARTTLS
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pursuant to http://www.kb.cert.org/vuls/id/555316

I was wondering what the proper server behavior should be if a client
sends commands between STARTTLS and the server response. RFC 3501
states that this is a client MUST NOT but doesn't discuss how the server
should handle it.

I can see two possibilities (maybe there are others):

1. Send a BAD response if a command is pipelined after STARTTLS. Should
BAD be sent in response to STARTTLS or the following command?

2. Ignore the pipelined cleartext commands.

Questions:

- Should this be done regardless of whether TLS is negotiated successfully?

- Can/Should the connection be immediately terminated?

- Should the behavior be any different for POP3, NNTP, SMTP/LMTP?

--
Kenneth Murchison
Principle Systems Software Engineer
Carnegie Mellon University

Next message: [Imap-protocol] Pipelined commands before completion of STARTTLS
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Imap-protocol mailing list