[Dovecot] Avelsieve 1.9.7 and Dovecot/TLS

Steffen Kaiser skdovecot at smail.inf.fh-bonn-rhein-sieg.de
Wed Apr 30 15:10:30 EEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 30 Apr 2008, Michael Firnau wrote:

Hello,

> With my limited time and debugging possibilities i've found that the
> dovecot managesieve server seems to send capability lines 'automagically'.

http://tools.ietf.org/html/draft-martin-managesieve-08#section-2.2

"After the TLS layer is established, the server MUST re-issue the
     capability results, followed by an OK response. This is necessary to
     protect against man-in-the-middle attacks which alter the
     capabilities list prior to STARTTLS. This capability result MUST NOT
     include the STARTTLS capability."

Bye,

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIGGG4VJMDrex4hCIRAs2hAJsHolfH3LE2R+4uMT5h+RHh+WBxNwCgyjcp
2fo/Z/tawNLqnwV2YvPU+kA=
=Os2c
-----END PGP SIGNATURE-----


More information about the dovecot mailing list