ietf-nntp Feedback on the 9/3 nntpext.
Brian Hernacki
bhern at netscape.com
Fri Sep 5 14:42:28 PDT 1997
Larry Osterman (Exchange) wrote:
>
> The reason a client might want to keep a connection open is to avoid
> re-authenticating a user. Consider, for example an OTP system. In
> such a system, the users credentials have a limited lifetime (typically
> several hundred iterations), after which the user needs to get a new set
> of credentials.
>
> In such an environment, it is critical that clients minimize the number
> of authentications, and every server disconnection forces one of the
> passwords to be exhausted.
>
> Also, on many systems authentication is quite slow (up to half a second
> or more), so clients try to avoid authentications as much as possible -
> and again, if the server disconnects, it causes unnecessary client
> slowdowns.
In that system, the admin would just set the timeout to be sufficiently
long.
> All I'm getting at is that I think that it makes sense for the NNTP
> draft to:
> a) Mandate that timeouts are legal
I don't think there is any disagreement about timeouts being legal.
> and b) Place some restrictions on a minimum length for that timeout.
>
> I don't care what the minimum timeout is (1 minute :)), but there SHOULD
> be a minimum timeout.
Why?
--brian
More information about the ietf-nntp
mailing list