ietf-nntp RFC977bis w.r.t. authentication

[Stan Barber]

> As far as I know, the IEGS is requiring that ALL standardized protocols have
> security.  Especially the application protocols.

Again, I was told that IESG wants security issues addressed in any standardized
protocol. That's different that requiring them to have authentication and
identification features when they are not required.

Now, one could argue that NNTP requires this to be useful. I think that 
arguement is not supported by the popularity of NNTP over the years. Clearly,
having such features makes NNTP more useful for certain applications, but
without them NNTP is still useful without the authentication and identification
features that AUTHINFO (in any form) provides. 

In any case, the AUTHINFO stuff needs to be there even if it is in another
document as an extension to NNTP, so let's work out the details of what needs
to be said and then I'll float it as a trial past the ADs to see if it flies.
I'll even ask other IESG folks to take a look, but I don't want to go to them
with no concrete proposal in this area. 



-- 
Stan   | Academ Consulting Services        |internet: sob at academ.com
Olan   | For more info on academ, see this |uucp: mcsun!academ!sob
Barber | URL- http://www.academ.com/academ |Opinions expressed are only mine.