ietf-nntp RFC977bis w.r.t. authentication

[Stan Barber]

> Let me put it this way: I got the firm impression, from someone who could veto
> it in the IESG, that it won't pass without AUTHINFO SASL or GENERIC.
> That pushing authentication into another document won't work, and that making
> noises about nnrp.access/nntp_access in the document ain't enough.
> 
> It may be nothing much more than making SASL an alias for GENERIC.
> 
> If I could get someone familiar with SASL to talk to me, I don't think
> the "time" will be very long.

Are you saying that IESG insists that there be an authentication/identification
mechanism in ANY protocol even if the protocol doesn't require authentication
or identification to be useful? That's not what I have been told. I have been
told that if we have a protocol with authentication/identification in it, 
then it must use SASL or other similiar technologies that have already been
though the IESG review process. I have also been told that if we include
anything with clear-text passwords, that it must be depreciated and an
alternative mechanism must be provided that meets the criteria I outlined in
the previous sentence.

Remember, the discussion at IETF41 was to remove AUTHINFO (that's all of
AUTHINFO). There would be no clear text passwords in NNTP in this document
at all. The only mechanism that would be discussed at all would be those
that the implementor might choose to add based on end-point connectivity
information. 



-- 
Stan   | Academ Consulting Services        |internet: sob at academ.com
Olan   | For more info on academ, see this |uucp: mcsun!academ!sob
Barber | URL- http://www.academ.com/academ |Opinions expressed are only mine.