ietf-nntp Minutes from the WG (these have been submitted to IETF)

[Nat Ballou]

> From: Chris Lewis <clewis at nortel.ca>
>
>I was anticipating do this via "AUTHINFO GENERIC LIST", and have LIST
>be a authentication scheme that provides the list of authentications
>available, then "nests" to a selected one.  The advantage to this is
>that NNTP doesn't need to define how this is done.  The disadvantage
>is that I may have to get around to doing some sort of AUTHINFO GENERIC
>subprotocol spec/BCP a bit sooner than I thought.
>
>Do people consider this acceptable?  As in, can we leave how to do
>"LIST" out of the spec and leave it to a later date - assuming for now
>that browser-end authenticators "know" which ones are available?  Then
>LIST can be added later without touching the NNTP spec.

Actually, there are already at least two shipping NNTP servers that use
the command 'AUTHINFO GENERIC' (i.e., no arguments) to return
a list of authentication providers supported by the server.  Each line
contains a string that can be used as an argument to AUTHINFO
GENERIC.  The list is terminated by a CRLF.CRLF.  This is similar
to the AUTH extension proposed for POP3.

I know others may have arguments to do other ways - and that's fine
- we should document this new way in RFC977bis.  However, the
above is BCP, IMHO.

Nat