> noone can answer me? :-( Maybe it would help if your post would have been a lot shorter (I think you could have asked the same in 15 lines of text). Another thing that would help is not post this to security, but to standards, as this is about stream setup in general, not about security.
Anyway: - Compression disappearing after TLS negotiation indeed sounds like a bad setup/bug. - In general, features disappearing (e.g. starttls disappearing after compression negotiation) or appearing (e.g. PLAIN authentication appearing after tls has been negotiated) are valid and useful. - Why post non-required features when there are other required features? You may want to first negotiate other (optional) things before you start with the required layers? I can't think of a practical scenario from the top of my head, though. cheers, Remko
