Suggestion for draft-ietf-nntpext-base-02.txt
Chris.Newman at INNOSOFT.COM
Thu Jan 8 14:13:01 PST 1998
On Thu, 8 Jan 1998, Robert Bannocks wrote:
> 9.1.2 AUTHINFO SETPASS username current-password new-password
Ignoring the fact that the spec couldn't pass the IESG if you add this
unless you also require implementation of TLS... Plaintext passwords are
not allowed in IETF protocols unless they are encrypted or exist for
legacy purposes and a stronger mechanism is mandatory-to-implement.
I personally believe there should be a separate password change protocol.
That way, a client which does POP, IMAP, HTTP, SMTP and NNTP doesn't have
to have a custom password change command for each of those protocols.
Instead you only have to implement it once.
More information about the ietf-nntp