ietf-nntp Draft 20 pre-release 2
Ken Murchison
ken at oceana.com
Fri Oct 10 11:01:28 PDT 2003
Clive D.W. Feather wrote:
> Jeffrey M. Vinocur said:
>
>>I do support Clive's point that this *is* a protocol document and thus
>>it's not really well-formed (or even in our scope?) for us to prohibit
>>caching per se.
>
>
> Indeed. It's also an untestable requirement.
>
> Basically, if a client screws up security, is it because they cached when
> we told them not to, or for some other reason? Both point to problems with
> the author.
>
>
>>An alternative phrasing along the lines of "clients MUST send LIST
>>EXTENSIONS before using ..." would probably be more appropriate. Or maybe
>>we should emphasize that each extension document needs to state whether or
>>not LIST EXTENSIONS is required before use of that extension, and remind
>>extension document authors that security extensions should invoke that
>>requirement.
>
>
> Firstly, we talked that one out before. This implies that LIST EXTENSIONS
> can turn extensions on, and that is a strict no.
I agree that LIST EXTENSIONS should not be used to enable extensions,
but I don't think that is what we're talking about (at least I hope not).
LIST EXTENSIONS SHOULD be used by a client before using an optional
capability so it knows if its available or not. This potentially saves
multiple round trips of trial and error.
I think expending the one round trip for LIST EXTENSIONS makes a lot
more sense than wasting them on commands that the server doesn't
support. I suppose somebody will come up with the idea to cache the
fact that HDR or OVER failed and never try it again, but that seems
ridiculous.
I propose that we remove ALL reference to caching and be done with it.
It sounds like client authors are going to do what they want anyways, so
why encourage or discourage them.
IMAP clients typically make multiple connections for one "session" and
none of those authors have a problem with sending CAPABILITY for each
connection.
> Secondly, LIST EXTENSIONS is actually a symptom, not a cause. The problem
> we're trying to solve is clients that send passwords over an insecure link.
> If a client uses SASL PLAIN (or whatever) without establishing TLS first,
> it's broken. It doesn't matter *why* it did that. People seem to be
> assuming that clients will use LIST EXTENSIONS to know what security
> mechanism is there. What if they don't?
They are severely broken, and nobody should use software written by such
authors.
> The right place to warn about this is in the document that defines SASL
> (or whatever).
Agreed.
> We agreed this was important enough to put a note in the
> base document, and I'm fine with that. The present wording is clear that
> you SHOULD NOT do this, and I'm happy to make that MUST if Russ is.
Let's just avoid the subject in the base document altogether (like the
IMAP and POP RFCs), and we're done.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list