Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- IMAP4 RFC question
- Scott Lowe
May 16, 2005, 5:13 pm
rate this thread
IMAP4), but there doesn't seem to be a definitive answer in the RFC.
Can anyone tell me if the CAPABILITY command *MUST* be issued by the
client before attempting any further commands? My concern is that an
IMAP4 client might try to issue a LOGIN command with the password in
clear text before issuing a CAPABILITY command and receiving a
LOGINDISABLED STARTTLS response (indicating that logins are disabled
until a TLS session is negotiated).
Anyone have any ideas?
Re: IMAP4 RFC question
It is not REQUIRED or a MUST. On the other hand, it's also not prohibited.
Rather than post here (though it is a security question), why not look
at the RFC3501 document, and note the author's name (Mark R. Crispin).
Then post this question in the newsgroup 'comp.mail.pine' which he
monitors. My current list of the Big 8 newsgroups also indicates a
'comp.mail.imap', though I'm not familiar with it.
- » Q: Security management in Client/Server environments (especially CORBA)
- — Next thread in » General Computer Security