Re: [authmeth] effect of StartTLS on authentication state
At 07:00 PM 7/1/2003, Kurt D. Zeilenga wrote:
>It's my opinion that the RFC 2830, section 5.1.1 absolute
>imperative is inappropriate and actually in conflict with section 3.1.
I misread section 3.1. It doesn't cover this case (as StartTLS
has been initiated) so is not in conflict with 5.1.1. Regardless,
I still believe the server is free to return strongAuthRequired
at any time it considers the in-force association to be inappropriate
for the requested operation. Hence, the server may, in effect,
move the association to anonymous after StartTLS.