Suggestion for draft-ietf-nntpext-base-02.txt
William H. Magill
magill at isc.upenn.edu
Fri Jan 9 08:44:26 PST 1998
> On Thu, 8 Jan 1998, Robert Bannocks wrote:
> > ---
> > 9.1.2 AUTHINFO SETPASS username current-password new-password
>
> Ignoring the fact that the spec couldn't pass the IESG if you add this
> unless you also require implementation of TLS... Plaintext passwords are
> not allowed in IETF protocols unless they are encrypted or exist for
> legacy purposes and a stronger mechanism is mandatory-to-implement.
>
> I personally believe there should be a separate password change protocol.
> That way, a client which does POP, IMAP, HTTP, SMTP and NNTP doesn't have
> to have a custom password change command for each of those protocols.
> Instead you only have to implement it once.
>
> - Chris
>
I whole heartedly agree! ESPECIALLY with Chris' last paragraph.
T.T.F.N.
William H. Magill Senior Systems Administrator
Information Services and Computing (ISC) University of Pennsylvania
Internet: magill at isc.upenn.edu magill at acm.org
magill at upenn.edu http://pobox.upenn.edu/~magill/
More information about the ietf-nntp
mailing list