[Bug 159204] New: Manage Sieve: problems with Capability-Response afer STARTTLS
Thomas Dreßler
thomas.dressler at 1und1.de
Wed Mar 12 19:25:47 GMT 2008
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugs.kde.org/show_bug.cgi?id=159204
Summary: Manage Sieve: problems with Capability-Response afer
STARTTLS
Product: kmail
Version: unspecified
Platform: Debian stable
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: filtering
AssignedTo: kdepim-bugs kde org
ReportedBy: thomas.dressler 1und1 de
Version: (using KDE 3.5.9KDE 3.5.6KDE 1.2KDE 1.2)
Installed from: Debian stable PackagesDebian stable PackagesDebian testing/unstable PackagesDebian stable Packages
OS: Linux
hi!
manage sieve server must send after "TLS negotiation" an capability-response. if he do it, the client (kmail/kio) have problems with following commands (AUTHENTICATE).
draft-martin-managesieve-08.txt:
2.2. STARTTLS Command
Support for STARTTLS command in servers is optional. Its
availability is advertised with "STARTTLS" capability as described
in section 1.8.
The STARTTLS command requests commencement of a TLS negotiation.
The negotiation begins immediately after the CRLF in the OK
response. After a client issues a STARTTLS command, it MUST NOT
issue further commands until a server response is seen and the TLS
negotiation is complete.
The STARTTLS command is only valid in non-authenticated state. The
server remains in non-authenticated state, even if client
credentials are supplied during the TLS negotiation. The SASL [SASL]
EXTERNAL mechanism MAY be used to authenticate once TLS client
credentials are successfully exchanged, but servers supporting the
STARTTLS command are not required to support the EXTERNAL mechanism.
After the TLS layer is established, the server MUST re-issue the
capability results, followed by an OK response. This is necessary to
protect against man-in-the-middle attacks which alter the
capabilities list prior to STARTTLS. This capability result MUST NOT
include the STARTTLS capability.
The client MUST discard cached capability information and replace it
with the new information. The server MAY advertise different
capabilities after STARTTLS.
Example:
C: StartTls
S: oK
<TLS negotiation, further commands are under TLS layer>
S: "IMPLEMENTATION" "Example1 ManageSieved v001"
S: "SASL" "PLAIN DIGEST-MD5 GSSAPI"
S: "SIEVE" "fileinto vacation"
S: ok
More information about the Kdepim-bugs
mailing list