ietf-nntp LIST EXTENSIONS

Clive D.W. Feather clive at demon.net
Wed Sep 10 07:54:23 PDT 2003 

Ken Murchison said:
> 1. If clients aren't going to use the extension discovery mechanism (or 
> we don't recommend that they do), why even bother having it?  Just throw 
> it out and let clients go back to the trial-n-error method.

I don't have a problem with "recommend". But "SHOULD" is rather stronger
than that, and that's what my objection - at least - is about.

There will be times when a discovery mechanism is useful. I'm just saying
that it shouldn't be required every time, just left for when it *is*
useful.

> 2. IMO its bad form for a client to NOT use it.  Why would I try a bunch 
> of commands (each with a roundtrip) just to find out that they aren't 
> supported, when in one roundtrip I can discover what I can and can't do? 

It's a question of tradeoffs. If 99% of servers provide OVER, for example,
what's the point in using LIST EXTENSIONS to check? Or if
my.favourite.server has offered STARTTLS the last 10 times I tried, what's
the point in checking before trying again. I don't think our wording should
oppose such approaches *when done properly*.

> Obviously, we can mandate good behavior, 
> but why not encourage it?

Um, did you mean "can not mandate"? If so, then we're in violent agreement.

> 3. If we're going to strongly encourage LIST EXTENSIONS be used before 
> AUTHINFO (for security reasons),

I haven't seen an argument for this.

> As a client 
> author (which I'm not), I'd be pissed if the base document tells me that 
> LIST EXTENSIONS is completely optional (therefore I don't use it), and 
> then some extension comes along and tells me that I MUST use it.

Strawman. No extension should be telling you you MUST use it; on the
contrary, our wording requires exactly the opposite.

> 4. Note that LIST EXTENSIONS doesn't effect any existing commands other 
> than LISTGROUP and AUTHINFO USER/PASS.  All of the other capabilites 
> listed in LIST EXTENSIONS are either new (OVER, HDR) or not widely 
> deployed (STARTTLS).  So saying that client SHOULD use LIST EXTENSIONS 
> really doesn't break any existing client or make then less compliant.
> 
> This just seems like common sense to me.  What am I missing?  What is 
> the big pushback?

The term "SHOULD" has a specific meaning in RFCs, as you know. That meaning
is far stronger than "encourage".

> All of the similar messaging protocols (IMAP, POP3, SMTP) have 
> capability discovery commands, and clients are encouraged to and do use 
> them.

SMTP is special in that the capability discovery command replaces the
initial greeting command. I see nothing in RFC 2449 (POP3 extensions)
suggesting that it SHOULD (note capitals) be used. I haven't looked at
IMAP.

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | *** NOTE CHANGE ***
Demon Internet      | WWW: http://www.davros.org | Fax:    +44 870 051 9937
Thus plc            |                            | Mobile: +44 7973 377646

More information about the ietf-nntp mailing list