Suggestion for draft-ietf-nntpext-base-02.txt

William H. Magill magill at isc.upenn.edu
Fri Jan 9 08:44:26 PST 1998


>   On Thu, 8 Jan 1998, Robert Bannocks wrote:
>   > ---
>   > 9.1.2 AUTHINFO SETPASS username current-password new-password
>
>   Ignoring the fact that the spec couldn't pass the IESG if you add this
>   unless you also require implementation of TLS...  Plaintext passwords are
>   not allowed in IETF protocols unless they are encrypted or exist for
>   legacy purposes and a stronger mechanism is mandatory-to-implement.
>
>   I personally believe there should be a separate password change protocol.
>   That way, a client which does POP, IMAP, HTTP, SMTP and NNTP doesn't have
>   to have a custom password change command for each of those protocols.
>   Instead you only have to implement it once.
>
>                  - Chris
>
I whole heartedly agree! ESPECIALLY with Chris' last paragraph.

T.T.F.N.
William H. Magill                          Senior Systems Administrator
Information Services and Computing (ISC)   University of Pennsylvania
Internet: magill at isc.upenn.edu             magill at acm.org
          magill at upenn.edu                 http://pobox.upenn.edu/~magill/



More information about the ietf-nntp mailing list