chibenwa commented on PR #3049:
URL: https://github.com/apache/james-project/pull/3049#issuecomment-4545048445

   >     Once a SASL security layer is established, the server MUST re-issue 
the capability results, followed by an OK response. 
   
   My interpretation was SASL = AUTH hence the code. I disregarded "security 
layer"
   
   But it is immediatly followed by
   
   > This is necessary to protect against man-in-the-middle attacks that alter 
the   capabilities list prior to SASL negotiation.  The capability results  
MUST include all SASL mechanisms the server was capable of negotiating with 
that client.
   
   So understanding this as `  Once a *STARTTLS*  security layer is 
established, the server MUST re-issue the capability results, followed by an OK 
response.` is indeed a better call.
   
   Thanks for catching it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to