draft-ietf-nntpext-base-03.txt some comments
Chris.Lewis.clewis at nt.com
Thu Jan 22 10:45:15 PST 1998
> Chris Newman wrote:
> On Thu, 15 Jan 1998, Nat Ballou (Exchange) wrote:
> > One of the things discussed in DC was how a client could
> > get a list of authenticators from the server. Current
> > practice with shipping NNTP servers is to allow an
> > 'AUTHINFO GENERIC' command (no arguments) and have the
> > server return a CR/LF separated list of authentication
> > packages, terminated with CRLF.CRLF.
> > Comments?
> Not a great idea, IMHO -- that's likely to add an extra round trip to the
> usual startup procedure:
> S: greeting
> C: ask for capabilities
> S: return capabilities
> C: ask for authentication mechanisms
> S: return authentication mechanisms
> C: begin authentication
> S: ...
> I think it's much better to fold the authentication list into the general
> capabilities list as is proposed for SMTP:
I think that would clutter it up more than necessary, having to parse initial
greetings to check out what additional features apply to which area of the
I think you may also be making the assumption that authentication must be done
during initial connection. In fact, it's done whenever the server thinks it
should be done. Clients should be able to cope with multiple challenges, and
the available mechanisms might even change between challenges.
So, you're looking more at things like:
C: I want X
S: you have to authenticate for that
C: what do you understand C: authenticate with b C: authenticate with b
S: these: a, b, c S: begin authentication S: dunno b
C: authenticate with b C: whatcha got?
S: begin authentication S: these: a, c
C: authenticate with c
S: begin authentication
So, "AUTHINFO GENERIC" returning a list, and "AUTHINFO GENERIC ..." commencing
authentication seems to me to be nice and simple.
More information about the ietf-nntp