-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 30 Apr 2008, Michael Firnau wrote:
Hello,
With my limited time and debugging possibilities i've found that the dovecot managesieve server seems to send capability lines 'automagically'.
http://tools.ietf.org/html/draft-martin-managesieve-08#section-2.2
"After the TLS layer is established, the server MUST re-issue the capability results, followed by an OK response. This is necessary to protect against man-in-the-middle attacks which alter the capabilities list prior to STARTTLS. This capability result MUST NOT include the STARTTLS capability."
Bye,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIGGG4VJMDrex4hCIRAs2hAJsHolfH3LE2R+4uMT5h+RHh+WBxNwCgyjcp 2fo/Z/tawNLqnwV2YvPU+kA= =Os2c -----END PGP SIGNATURE-----