ietf-nntp RFC977bis w.r.t. authentication
Larry Osterman (Exchange)
larryo at Exchange.Microsoft.com
Thu May 7 09:57:10 PDT 1998
There are 2 major problems with this idea.

The first (technical) is that TCP/IP is a stream oriented protocol. This
means that every message sent is subject to IP fragmentation, thus every
packet needs to have enough information contained within it to allow for
re-assembly on the receiving end. Many of the existing security protocols
do not have sufficient information in their packets to allow re-assembly on
the receiving end, so in effect the security information is "tunneled"
through the higher level protocol - in other words, it uses the higher level
protocol to carry the security information.

And that brings me to the second problem, and this one is a total
show-stopper as far as I'm concerned. Assuming that the security logic
"takes over" the NNTP connection is about as egregious a layering violation
as I've ever seen. And layering violations are a VERY bad thing.

BTW: Why didn't your message have a To: header? It made replying to this
Sent from larryo-laptop.dns.microsoft.com running NT5 and Outlook 98 and
Exchange Server 5.5. Please notify the sender of any difficulties
From: chl at clw.cs.man.ac.uk [mailto:chl at clw.cs.man.ac.uk]
Sent: Thursday, May 07, 1998 2:03 AM
Subject: Re: ietf-nntp RFC977bis w.r.t. authentication
In <2FBF98FC7852CF11912A000000000001095E1686 at DINO> "Larry Osterman
(Exchange)" <larryo at Exchange.Microsoft.com> writes:
>If the authentication protocol runs over the NNTP connection, then its
>encoding MUST be specified as a part of the NNTP protocol. The encoding of
>ALL data transmitted on the NNTP port must be specified. Otherwise we get
Surely the 8-bit cleanliness of NNTP, or its treatment of NUL and isolated
CR and LF, are irrelevant. Once SASL takes over, it is just exchanging IP
packets, and they are all binary-clean by definition.
Charles H. Lindsey ---------At Home, doing my own
Email: chl at clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU,
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB
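
The framing question argued in the two messages above, as an added example that is not part of the original thread: an opaque authentication token is sent over a line-oriented stream once as raw bytes and once in an encoding the line protocol can carry. The token bytes, the choice of base64, and all function names are assumptions made for illustration.

```python
import base64

CRLF = b"\r\n"

class LineReader:
    """Reassembles CRLF-terminated lines from a byte stream that
    arrives in arbitrary chunks, as a line-based server would."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        self._buf += chunk
        lines = []
        while True:
            end = self._buf.find(CRLF)
            if end < 0:
                return lines          # incomplete line stays buffered
            lines.append(bytes(self._buf[:end]))
            del self._buf[:end + 2]

def deliver(wire, chunk_size):
    """Feed `wire` to a fresh reader in chunk_size pieces; return the lines seen."""
    reader, lines = LineReader(), []
    for i in range(0, len(wire), chunk_size):
        lines += reader.feed(wire[i:i + chunk_size])
    return lines

# Constructed sample token: opaque bytes with NUL, 0xFF and an embedded CR LF.
TOKEN = b"\x00\x01mech-data\r\nmore\x00data\xff"

def send_raw(token):
    # No encoding specified: the token is written straight into the line stream.
    return token + CRLF

def send_encoded(token):
    # Encoding specified by the carrying protocol (base64 assumed here).
    return base64.b64encode(token) + CRLF

def recv_encoded(line):
    return base64.b64decode(line, validate=True)

if __name__ == "__main__":
    for size in (1, 3, 64):           # chunking never changes the outcome
        raw = deliver(send_raw(TOKEN), size)
        enc = deliver(send_encoded(TOKEN), size)
        print(size, "raw lines:", len(raw),
              "encoded intact:", recv_encoded(enc[0]) == TOKEN)
```

The raw token is split into two lines at its embedded CR LF regardless of how the stream is chunked, while the encoded token always arrives as one line that decodes to the original bytes.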