RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Verified (1)

RFC 3207, "SMTP Service Extension for Secure SMTP over Transport Layer Security", February 2002

Source of RFC: Legacy

Errata ID: 324

Status: Verified
Type: Technical

Reported By: Simon Josefsson
Date Reported: 2002-02-13
Report Text:

The document is missing a reference: </ORIG>   [MIME-SEC] Galvin, J., Murphy, S., Crocker, S., and Freed, N.,
               "Security Multiparts for MIME: Multipart/Signed and
               Multipart/Encrypted", RFC 1847, October 1995.
</CORR>


Status: Rejected (1)

RFC 3207, "SMTP Service Extension for Secure SMTP over Transport Layer Security", February 2002

Source of RFC: Legacy

Errata ID: 4442

Status: Rejected
Type: Editorial

Reported By: Daniel Kahn Gillmor
Date Reported: 2015-08-10
Rejected by: Barry Leiba
Date Rejected: 2015-08-10

Section Appendix says:

   -  Section 5 and 7: More discussion of the man-in-the-middle attacks
   -  Section 5: Additional discussion of when a server should and
      should not advertise the STARTTLS extension
   -  Section 5: Changed the requirements on SMTP clients after
      receiving a 220 response.
   -  Section 5.1: Clarified description of verifying certificates.
   -  Section 5.3: Added the section on "STARTTLS on the Submission
      Port"
   -  Section 6: Bug fix in the example to indicate that the client
      needs to issue a new EHLO command, as already is described in
      section 5.2.
   -  Section 7: Clarification of the paragraph on acceptable degree of
      privacy. Significant change to the discussion of how to avoid a
      man-in-the-middle attack.
   -  Section A: Update reference from RFC 821 to RFC 2821.

It should say:

   -  Section 4 and 6: More discussion of the man-in-the-middle attacks
   -  Section 4: Additional discussion of when a server should and
      should not advertise the STARTTLS extension
   -  Section 4: Changed the requirements on SMTP clients after
      receiving a 220 response.
   -  Section 4.1: Clarified description of verifying certificates.
   -  Section 4.3: Added the section on "STARTTLS on the Submission
      Port"
   -  Section 5: Bug fix in the example to indicate that the client
      needs to issue a new EHLO command, as already is described in
      section 4.2.
   -  Section 5: Clarification of the paragraph on acceptable degree of
      privacy. Significant change to the discussion of how to avoid a
      man-in-the-middle attack.
   -  Section 7: Update reference from RFC 821 to RFC 2821.

Notes:

The appendix lists the changes as they apply to the sections of rfc 2487, but the links in https://tools.ietf.org/html/rfc3207#page-8 point back to the section numbers in RFC 3207. Either the section numbers referred to should be RFC 3207 numbers (the correction i'm proposing here), or the links within the HTML version should point back to RFC 2487 instead.
--VERIFIER NOTES--
The tools-based HTML rendering is not the definitive version, and the errata system is not for recording problems with that version. There's no error in http://www.rfc-editor.org/rfc/rfc3207.txt

Report New Errata



Search RFCs
Advanced Search
×