[NNTP] LIST EXTENSIONS (again)
Mark Crispin
MRC at CAC.Washington.EDU
Fri Nov 5 16:33:06 PST 2004
On Fri, 5 Nov 2004, Russ Allbery wrote:
> Every server that actually requires MODE READER will be broken by that
> order. Fixing the servers that require that order is equivalent to
> eliminating MODE READER entirely.
Only those servers which *also* have STARTTLS and/or AUTHINFO.
How many such servers are there in the wild? I suspect that this is a
very small number.
> You can see why by observing what MODE READER does on a system that
> actually needs it: it causes a separate program to be spawned and the
> connection passed to that program, destroying all established session
> state. There's no way to preserve a TLS connection and an authentication
> session across that sort of change.
I certainly understand the technical difficulty (not impossibility) of
fixing this. That doesn't mean that this isn't the right solution,
especially when we consider the task of changing a handful of deployed
servers (if any) against tens of thousands of deployed clients.
It may be possible to help inn by making some simplifying assumptions.
For example, if STARTTLS and AUTHINFO are assumed to be done only by
readers, then these commands can do an implicit MODE READER and then make
the subsequent MODE READER be a no-op.
If it's necessary for peers to do TLS and/or authentication, perhaps we
could have a separate command for peer TLS and/or authentication.
Of course, I'm happy with the notion of eliminating MODE READER entirely
(which I agree is what this all implies), so my position has to be
considered with that in mind... :-)
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
More information about the ietf-nntp
mailing list