[NNTP] Re: Comments on draft-ietf-nntp-tls-nntp-05.txt
chl at clerew.man.ac.uk
Wed May 25 03:46:54 PDT 2005
In <42937D2E.8050507 at oceana.com> Ken Murchison <ken at oceana.com> writes:
>Unless someone vigorously objects, I think I'm going to remove any
>mention of down-negotiation from the draft. I will be drafting an
>update to the expired PASSDSS SASL mech soon, which would hopefully be
>the best alternative to TLS+PLAIN.
I think it should remain. Although the whole business of authenticating
and then down-negotiation is a kludge, I think it is a necessary kludge
for the time being, and therefore should be described correctly.
Of course, we all know that in practice people are going to continue to
send passwords in the clear, but you aren't supposed to say that while any
IETF people are listening :-) .
A news SASL mechanism is the ultimate and clean solution.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-nntp