
Re: Unsolicited CAPABILITY response



If the client and server negotiate a SASL security layer, it is
important for the client to discard its information about server
capabilities and re-issue the CAPABILITY command.  Otherwise, an active
attacker could fool the client by inserting or modifying a CAPABILITY
response before authentication completes.  For this reason, the STARTTLS
extension in draft-newman-tls-imappop-04.txt explicitly modifies the
don't-change-CAPABILITIES requirement of the base IMAP specification.


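The message above describes a client-side rule rather than showing it; the following simulation is an added example and is not code from the original message, from the IMAP specification or from any real client. It models a constructed IMAP server whose CAPABILITY list differs before and after a security layer, a constructed active attacker who can only rewrite cleartext, and a client that either keeps or discards the capabilities it learned in the clear. It also generalizes slightly: the same discard-and-re-issue rule applies after STARTTLS as after a SASL security layer, and the code treats both as one "security layer established" event. The capability strings, the attacker's particular edit (dropping LOGINDISABLED and adding X-ATTACKER-EXT) and all class and function names are assumptions made for the example.

```python
"""Simulated IMAP capability handling across a security-layer negotiation.

Constructed example: server capability lists, attacker behaviour and all
names here are illustrative and not taken from any specification or client.
"""
import re
from dataclasses import dataclass
from typing import Optional

CAP_RE = re.compile(r"^\* CAPABILITY (.+)$")


def parse_capability(line: str) -> frozenset:
    """Parse an untagged '* CAPABILITY ...' response into a set of atoms."""
    m = CAP_RE.match(line.strip())
    if not m:
        raise ValueError("not a CAPABILITY response: %r" % line)
    return frozenset(m.group(1).split())


class Server:
    """Constructed server. What it advertises in the clear differs from what
    it advertises once a TLS or SASL security layer protects the connection
    (for example, it only offers AUTH=PLAIN under protection)."""
    CLEAR = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=SCRAM-SHA-256"
    SECURE = "* CAPABILITY IMAP4rev1 AUTH=SCRAM-SHA-256 AUTH=PLAIN IDLE"

    def capability(self, secure: bool) -> str:
        return self.SECURE if secure else self.CLEAR


class ActiveAttacker:
    """Constructed man-in-the-middle. It can only rewrite cleartext, so the
    only CAPABILITY response it can touch is the one sent before the layer."""

    def tamper(self, line: str) -> str:
        # Drop LOGINDISABLED and add an extension the real server never offers.
        atoms = [a for a in line.split() if a != "LOGINDISABLED"]
        return " ".join(atoms) + " X-ATTACKER-EXT"


@dataclass
class Client:
    server: Server
    attacker: Optional[ActiveAttacker] = None
    secure: bool = False
    caps: frozenset = frozenset()
    caps_valid: bool = False

    def _issue_capability(self) -> None:
        """Send CAPABILITY and record the (possibly tampered) response."""
        line = self.server.capability(self.secure)
        if self.attacker is not None and not self.secure:
            line = self.attacker.tamper(line)
        self.caps = parse_capability(line)
        self.caps_valid = True

    def connect(self) -> None:
        self._issue_capability()  # initial discovery happens in the clear

    def negotiate_security_layer(self, discard_stale: bool) -> None:
        """Model a successful STARTTLS or SASL security-layer negotiation."""
        self.secure = True
        if discard_stale:
            # Hardened behaviour: anything learned in the clear is untrusted,
            # so forget it and ask again over the protected connection.
            self.caps = frozenset()
            self.caps_valid = False
            self._issue_capability()
        # Naive behaviour (discard_stale=False) keeps the pre-layer list.

    def has(self, cap: str) -> bool:
        """Answer 'does the server support cap?' only from a trusted list."""
        if not self.caps_valid:
            raise RuntimeError("capabilities unknown; re-issue CAPABILITY")
        return cap in self.caps


def run_session(discard_stale: bool) -> frozenset:
    """Connect through the attacker, bring up a security layer, and return
    the capability set the client would then act on."""
    c = Client(Server(), ActiveAttacker())
    c.connect()
    c.negotiate_security_layer(discard_stale)
    return c.caps


if __name__ == "__main__":
    print("naive   :", sorted(run_session(False)))
    print("hardened:", sorted(run_session(True)))
```

Running the module shows the difference: the naive client carries the attacker's X-ATTACKER-EXT atom (and the stale STARTTLS atom) into the protected session, while the hardened client ends up with exactly what the server advertised after the layer came up. In a real client the same invalidation should also fire when the server sends an unsolicited CAPABILITY response code in the OK that completes AUTHENTICATE, since that one, unlike anything seen earlier, arrived under the new layer.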