
Re: Unsolicited CAPABILITY response
On Wed, 15 Jul 1998, John Gardiner Myers wrote:
> If the client and server negotiate a SASL security layer, it is
> important for the client to discard its information about server
> capabilities and re-issue the CAPABILITY command.  Otherwise, an active
> attacker could fool the client by inserting or modifying a CAPABILITY
> response before authentication completes.  For this reason, the STARTTLS
> extension in draft-newman-tls-imappop-04.txt explicitly modifies the
> don't-change-CAPABILITIES requirement of the base IMAP specification.

That draft only waives the requirement after the "STARTTLS" command is
issued:

      Once TLS has been started, the client SHOULD discard cached
      information about server capabilities and re-issue the CAPABILITY
      command.  This is necessary to protect against man-in-the-middle
      attacks which alter the capabilities list prior to STARTTLS.  The
      server MAY advertise different capabilities after STARTTLS.

Since the purpose of STARTTLS is to protect against active attacks, it
would defeat the purpose if the client trusted information from before the
STARTTLS command.  The last sentence is added incentive to do the right
thing.  Incidentally, this language needs to be put in the base spec for
the case where a security layer is negotiated by SASL, for the same
reason.

		- Chris

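The capability-caching problem discussed in this thread, as an added example that is not part of the original message or of any IMAP implementation. It is a constructed in-memory simulation (no sockets, no real TLS): a toy server advertises the same capabilities before and after STARTTLS, an active attacker on the unprotected pre-STARTTLS path strips one token from the CAPABILITY response, and two client variants are compared. The naive client keeps the pre-STARTTLS capability list after TLS is up and therefore acts on the attacker's tampered view; the client that follows the draft's SHOULD discards the cache and re-issues CAPABILITY once the channel is protected. The capability names, tags and the CRAM-MD5/LOGIN fallback rule are assumptions chosen for illustration.

```python
"""Simulated IMAP STARTTLS exchange: naive vs. cache-discarding client.

Constructed example. The Server, ActiveAttacker and client logic below are
stand-ins for the protocol behaviour described in the thread; nothing here
is taken from a real IMAP implementation.
"""

# Assumed capabilities of the genuine server (constructed sample data).
GENUINE_CAPS = ("IMAP4rev1", "STARTTLS", "AUTH=CRAM-MD5")


class Server:
    """Toy IMAP server that answers CAPABILITY and STARTTLS only."""

    def __init__(self, caps=GENUINE_CAPS):
        self.caps = tuple(caps)
        self.tls = False  # becomes True once STARTTLS has been accepted

    def handle(self, line):
        tag, cmd = line.split(" ", 1)
        cmd = cmd.upper()
        if cmd == "CAPABILITY":
            return [f"* CAPABILITY {' '.join(self.caps)}",
                    f"{tag} OK CAPABILITY completed"]
        if cmd == "STARTTLS":
            self.tls = True  # the TLS handshake would follow this OK
            return [f"{tag} OK Begin TLS negotiation now"]
        return [f"{tag} BAD unknown command"]


class ActiveAttacker:
    """Man-in-the-middle on the cleartext path before STARTTLS.

    Removes one capability token from the server's CAPABILITY response.
    Once the server has entered TLS, the attacker is modelled as unable
    to modify traffic (a correctly validated TLS session).
    """

    def __init__(self, server, strip=None):
        self.server = server
        self.strip = strip  # capability token to remove, or None

    def handle(self, line):
        responses = self.server.handle(line)
        if self.server.tls:
            return responses  # protected channel: passed through untouched
        return [self._tamper(r) for r in responses]

    def _tamper(self, response):
        if response.startswith("* CAPABILITY "):
            caps = [c for c in response.split()[2:] if c != self.strip]
            return "* CAPABILITY " + " ".join(caps)
        return response


def parse_caps(responses):
    """Extract the capability set from an untagged CAPABILITY response."""
    for r in responses:
        if r.startswith("* CAPABILITY "):
            return set(r.split()[2:])
    raise ValueError("no CAPABILITY response in %r" % (responses,))


def choose_auth(caps):
    """Assumed client policy: prefer CRAM-MD5, otherwise fall back to LOGIN."""
    return "CRAM-MD5" if "AUTH=CRAM-MD5" in caps else "LOGIN"


def negotiate(reissue_after_starttls, stripped_cap=None):
    """Run one client session through the attacker and report what it decided."""
    peer = ActiveAttacker(Server(), strip=stripped_cap)
    caps = parse_caps(peer.handle("a001 CAPABILITY"))  # cleartext, tamperable
    if "STARTTLS" not in caps:
        # Attacker removed STARTTLS itself: the re-issue rule cannot help here;
        # only a client policy of requiring TLS would.
        return {"tls": False, "auth": choose_auth(caps), "caps": sorted(caps)}
    peer.handle("a002 STARTTLS")
    if reissue_after_starttls:
        # The draft's SHOULD: forget the pre-TLS list and ask again under TLS.
        caps = parse_caps(peer.handle("a003 CAPABILITY"))
    return {"tls": True, "auth": choose_auth(caps), "caps": sorted(caps)}


if __name__ == "__main__":
    print("naive client, AUTH=CRAM-MD5 stripped pre-TLS:",
          negotiate(False, "AUTH=CRAM-MD5"))
    print("re-issuing client, AUTH=CRAM-MD5 stripped pre-TLS:",
          negotiate(True, "AUTH=CRAM-MD5"))
    print("re-issuing client, STARTTLS stripped pre-TLS:",
          negotiate(True, "STARTTLS"))
```

With AUTH=CRAM-MD5 stripped on the cleartext leg, the naive client still selects LOGIN inside the TLS session because it never looked again, while the re-issuing client recovers the genuine list and selects CRAM-MD5. The third run shows the limit of the rule: if the attacker removes STARTTLS itself, re-issuing CAPABILITY after STARTTLS never happens, so a client that wants protection against that downgrade needs a local policy of refusing to proceed without TLS rather than relying on what the server appears to advertise.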