[RFC] Add extra ehlo() and starttls() for gmail smtp
Aaron Bentley
aaron.bentley at utoronto.ca
Wed Sep 5 18:01:33 BST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Harald Meland wrote:
> [Keir Mierle]
> An SMTP client shouldn't try to do STARTTLS until after EHLO has
> succeeded (and indicated that STARTTLS indeed is among the extensions
> that the server supports). The client should also fall back to HELO
> if EHLO fails, and verify whether HELO fails.
This looks like a nice improvement. There's just one thing I wonder about:
> + (code, message) = self._connection.starttls()
> + if (200 <= code <= 299):
This seems to mean that if starttls fails, we'll use unencrypted SMTP.
I'm not sure whether we should fail in this situation, give a warning,
or silently continue. It seems like if people expect their privacy to
be protected and it's not, that's a violation of trust. But OTOH, I
don't know whether people would expect privacy here.
Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG3uDt0F+nu1YWqI0RAk8bAJ41cDKfnFyBhIKynaEVzdMyP4DIDQCdHuvP
D0/hEf60UPFs3OK3Zhx0VfU=
=hsvy
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list