[RFC] Add extra ehlo() and starttls() for gmail smtp

Jelmer Vernooij jelmer at vernstok.nl
Wed Sep 5 18:59:55 BST 2007


On Wednesday, 05.09.2007, at 13:01 -0400, Aaron Bentley wrote:
> Harald Meland wrote:
> > [Keir Mierle]
> > An SMTP client shouldn't try to do STARTTLS until after EHLO has
> > succeeded (and indicated that STARTTLS indeed is among the extensions
> > that the server supports).  The client should also fall back to HELO
> > if EHLO fails, and verify whether HELO fails.
> 
> This looks like a nice improvement.  There's just one thing I wonder about:
> 
> > +                (code, message) = self._connection.starttls()
> > +                if (200 <= code <= 299):
> 
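
Review bot: the test "if (200 <= code <= 299):" on the second added line handles only a successful STARTTLS reply, and the quoted lines show no branch for any other code, so a refused upgrade can fall through to sending over the unencrypted connection. Handle the non-2xx case explicitly, either by raising an error or at least by emitting a warning before continuing, and drop the redundant parentheses around the tuple target and the condition.
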
> This seems to mean that if starttls fails, we'll use unencrypted SMTP.
> I'm not sure whether we should fail in this situation, give a warning,
> or silently continue.  It seems like if people expect their privacy to
> be protected and it's not, that's a violation of trust.  But OTOH, I
> don't know whether people would expect privacy here.
I would at the very least expect a warning. For example, when I'm
sending a company-private changeset over public wifi, I definitely
wouldn't want bzr to be falling back to non-SSL unexpectedly.

Cheers,

Jelmer
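
The negotiation order and the failure policy discussed in this thread, as an added example that is not part of the original messages or of bzr's code. It assumes an smtplib.SMTP-like connection; `negotiate`, `require_tls`, `TLSUnavailable` and `FakeConn` are hypothetical names, and `FakeConn` is a constructed stand-in so the code runs offline.

```python
import smtplib
import warnings


class TLSUnavailable(smtplib.SMTPException):
    """STARTTLS was required but could not be negotiated."""


def negotiate(conn, require_tls=True):
    """Greet, then upgrade to TLS. Returns True if the channel is encrypted.
    require_tls is a hypothetical policy switch: True aborts, False warns."""
    code, msg = conn.ehlo()
    if not 200 <= code <= 299:
        # EHLO rejected: fall back to HELO and check that reply too.
        code, msg = conn.helo()
        if not 200 <= code <= 299:
            raise smtplib.SMTPHeloError(code, msg)
    if conn.has_extn("starttls"):
        code, msg = conn.starttls()
        if 200 <= code <= 299:
            conn.ehlo()  # re-read extensions over the encrypted channel
            return True
        reason = "STARTTLS refused: %s %r" % (code, msg)
    else:
        reason = "server does not advertise STARTTLS"
    if require_tls:
        raise TLSUnavailable(reason)
    warnings.warn(reason + "; continuing unencrypted")
    return False


class FakeConn:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    def __init__(self, ehlo_code=250, extns=("starttls",), tls_code=220):
        self.ehlo_code, self.extns, self.tls_code = ehlo_code, extns, tls_code
        self.calls = []
    def ehlo(self):
        self.calls.append("ehlo")
        return self.ehlo_code, b"ok"
    def helo(self):
        self.calls.append("helo")
        return 250, b"ok"
    def has_extn(self, name):
        return 200 <= self.ehlo_code <= 299 and name in self.extns
    def starttls(self):
        self.calls.append("starttls")
        return self.tls_code, b"reply"
```

With `require_tls=False` the function takes the warning path suggested in the reply above; the default refuses to send in cleartext.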