RFC Errata
RFC 3207, "SMTP Service Extension for Secure SMTP over Transport Layer Security", February 2002
Note: This RFC has been updated by RFC 7817
Source of RFC: Legacy
Errata ID: 4442
Status: Rejected
Type: Editorial
Publication Format(s) : TEXT
Reported By: Daniel Kahn Gillmor
Date Reported: 2015-08-10
Rejected by: Barry Leiba
Date Rejected: 2015-08-10
Section Appendix says:
- Section 5 and 7: More discussion of the man-in-the-middle attacks - Section 5: Additional discussion of when a server should and should not advertise the STARTTLS extension - Section 5: Changed the requirements on SMTP clients after receiving a 220 response. - Section 5.1: Clarified description of verifying certificates. - Section 5.3: Added the section on "STARTTLS on the Submission Port" - Section 6: Bug fix in the example to indicate that the client needs to issue a new EHLO command, as already is described in section 5.2. - Section 7: Clarification of the paragraph on acceptable degree of privacy. Significant change to the discussion of how to avoid a man-in-the-middle attack. - Section A: Update reference from RFC 821 to RFC 2821.
It should say:
- Section 4 and 6: More discussion of the man-in-the-middle attacks - Section 4: Additional discussion of when a server should and should not advertise the STARTTLS extension - Section 4: Changed the requirements on SMTP clients after receiving a 220 response. - Section 4.1: Clarified description of verifying certificates. - Section 4.3: Added the section on "STARTTLS on the Submission Port" - Section 5: Bug fix in the example to indicate that the client needs to issue a new EHLO command, as already is described in section 4.2. - Section 5: Clarification of the paragraph on acceptable degree of privacy. Significant change to the discussion of how to avoid a man-in-the-middle attack. - Section 7: Update reference from RFC 821 to RFC 2821.
Notes:
The appendix lists the changes as they apply to the sections of rfc 2487, but the links in https://tools.ietf.org/html/rfc3207#page-8 point back to the section numbers in RFC 3207. Either the section numbers referred to should be RFC 3207 numbers (the correction i'm proposing here), or the links within the HTML version should point back to RFC 2487 instead.
--VERIFIER NOTES--
The tools-based HTML rendering is not the definitive version, and the errata system is not for recording problems with that version. There's no error in http://www.rfc-editor.org/rfc/rfc3207.txt