[Imap-protocol] Pipelined commands before completion of STARTTLS
Mark Crispin
mrc+imap at panda.com
Tue Mar 8 15:00:28 PST 2011
On Tue, 8 Mar 2011, Philip Guenther wrote:
>> 1. Send a BAD response if a command is pipelined after STARTTLS.
>>
>> 2. Ignore the pipelined cleartext commands.
>
> 3. immediately close the connection
>
> 4. Treat data after the CRLF as data for the TLS handshake (i.e., to shave
> an RTT off in the success case).
My observation of all of this:
Behavior 1 is difficult to do consistently, especially if the TLS
handshake starts with client data (no initial server data).
Behavior 2 is the expected implementation today.
Behavior 3 is a natural and expected consequence of the TLS handshake
being invalid. However, behavior 3 may have the effect of making an MITM
attack become a DoS.
Behavior 4 cannot be deployed in a reliable way without some negotiated
capability, due to behavior 2.
My recommendations follow.
Clients:
MUST NOT pipeline or otherwise transmit anything after STARTTLS
until such time as it is permitted to transmit a TLS handshake.
MUST NOT assume any behavior on the part of the server, until
such time as there is a negotiated extension for behavior 4.
Servers:
MUST NOT implement behavior 1.
MUST implement behavior 2 or 4, at the server's option. Note
that, due to timing, behavior 2 is actually a special case of
behavior 4.
MUST NOT implement behavior 3, except as a consequence of an
invalid TLS handshake in a behavior 4 implementation.
-- Mark --
http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.
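The following is an added example, not part of Mark Crispin's message or of any IMAP implementation he maintained. It models, as pure functions over byte buffers, the two server behaviors the message recommends (2: ignore pipelined cleartext; 4: hand the trailing bytes to the TLS layer, closing only on an invalid handshake) and the client rule (hold everything after STARTTLS until the tagged OK). The function names, the "OK Begin TLS negotiation now" reply text, and all buffers are constructed for illustration; the ClientHello bytes are a truncated, made-up record whose only purpose is to carry a valid record and handshake header.

```python
"""Server and client handling of bytes pipelined after an IMAP STARTTLS command.

Added illustration (not code from the Imap-protocol list or any server).
All traffic below is constructed; nothing was captured from a real client.
"""

CRLF = b"\r\n"


def split_starttls(buf: bytes):
    """Return (tag, bytes after the STARTTLS line) from the server's receive buffer.

    Raises ValueError if the first complete line is not a tagged STARTTLS command.
    """
    end = buf.find(CRLF)
    if end < 0:
        raise ValueError("incomplete command line")
    line, trailing = buf[:end], buf[end + 2:]
    parts = line.split(b" ")
    if len(parts) != 2 or parts[1].upper() != b"STARTTLS":
        raise ValueError("first line is not a STARTTLS command: %r" % line)
    return parts[0], trailing


def looks_like_tls_handshake(data: bytes) -> bool:
    """True if data starts with a TLS handshake record carrying a ClientHello.

    Enough for this model; a real server hands the bytes to its TLS library
    and lets it reject anything that is not a handshake.
    """
    return (
        len(data) >= 6
        and data[0] == 0x16   # record ContentType: handshake
        and data[1] == 0x03   # record-layer major version (SSL3 / TLS 1.x)
        and data[5] == 0x01   # HandshakeType: client_hello
    )


def server_after_starttls(buf: bytes, behavior: int) -> dict:
    """Decide what the server does with bytes that follow the STARTTLS line.

    behavior 2: ignore the trailing cleartext; TLS starts from an empty buffer.
    behavior 4: treat the trailing bytes as the start of the TLS handshake;
                anything else is an invalid handshake and the connection is
                closed (the only case in which closing is recommended).
    Returns: reply (cleartext line sent before TLS), tls_input (bytes handed
    to the TLS layer), dropped (bytes discarded), close (bool).
    """
    tag, trailing = split_starttls(buf)
    result = {"reply": tag + b" OK Begin TLS negotiation now" + CRLF,
              "tls_input": b"", "dropped": b"", "close": False}
    if behavior == 2:
        result["dropped"] = trailing
    elif behavior == 4:
        if not trailing or looks_like_tls_handshake(trailing):
            result["tls_input"] = trailing
        else:
            result["close"] = True
            result["dropped"] = trailing
    else:
        raise ValueError("servers should implement behavior 2 or 4 only")
    return result


def client_outbound(commands):
    """Client side of the recommendation: commands up to and including STARTTLS
    may be pipelined; anything after it is held until the tagged OK arrives
    and TLS is up.  Returns (bytes to send now, commands held back)."""
    send, held, seen_starttls = [], [], False
    for cmd in commands:
        if seen_starttls:
            held.append(cmd)
            continue
        send.append(cmd)
        parts = cmd.split(b" ", 1)
        if len(parts) == 2 and parts[1].upper() == b"STARTTLS":
            seen_starttls = True
    return b"".join(c + CRLF for c in send), held


# Constructed buffers (hypothetical traffic, not captured from a real client):
CLEAN = b"a1 STARTTLS\r\n"
# A client that wrongly pipelines LOGIN in cleartext after STARTTLS.
PIPELINED_LOGIN = b"a1 STARTTLS\r\na2 LOGIN alice hunter2\r\n"
# Made-up, truncated ClientHello: record header 16 03 01 000a, handshake 01 000006, then filler.
CLIENT_HELLO = bytes.fromhex("160301000a01000006030300000000")
# A behavior-4-style client that sends the ClientHello right behind STARTTLS.
EAGER_TLS = b"a1 STARTTLS\r\n" + CLIENT_HELLO

if __name__ == "__main__":
    for name, buf in (("clean", CLEAN), ("pipelined LOGIN", PIPELINED_LOGIN), ("eager TLS", EAGER_TLS)):
        for behavior in (2, 4):
            print(name, "behavior", behavior, server_after_starttls(buf, behavior))
    print(client_outbound([b"a0 CAPABILITY", b"a1 STARTTLS", b"a2 LOGIN alice hunter2"]))
```

Running the buffers through both behaviors shows the two points the message makes: under behavior 2 the pipelined LOGIN is discarded (though it has already crossed the wire in cleartext), and under the same behavior an eagerly sent ClientHello is discarded too, so a behavior-4 client against a behavior-2 server never completes its handshake, which is why behavior 4 needs a negotiated capability; under behavior 4 the cleartext LOGIN is an invalid handshake and the connection closes, while the ClientHello is fed to the TLS layer.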