ietf-nntp Merge Newman's Authinfo draft into Main Draft?

Chris Newman Chris.Newman at INNOSOFT.COM
Tue May 26 04:09:01 PDT 1998


On Mon, 25 May 1998, Stan Barber wrote:
> Just because noone commented on the draft does not mean that there was 
> consensus on merging the draft back into the main draft. At best, it means
> that the contents of the draft are not objectionable to any one on the
> mailing list.

I believe the NNTPEXT charter forbids adding the AUTHINFO command to the
base spec in a way which meets IESG guidelines.

NNTPEXT is forbidden from adding new features to the protocol -- this
includes authentication technology which isn't already deployed.  On the
flip side, the IESG requires that if any authentication mechanism is
included in the base spec, then there must be a mandatory-to-implement
mechanism which does not use plaintext passwords.  These two requirements
end up being contradictory in this case.

NNTPEXT has two choices:

(A) Include no AUTHINFO command in base spec and document that current
practice is to permit public access to NNTP servers with restrictions 
based on source IP address (often enforced by a border packet filter).

(B) Update the NNTPEXT charter to permit us to add new authentication
technology as necessary to meet IESG requirements for authentication
commands.  Then solve the problem documented in
draft-newman-auth-mandatory-00.txt.

Unless we get a definitive IESG statement that NNTPEXT is not permitted to
do (A) and has to make incompatible changes to the NNTP protocol which
will make all current servers incompliant, I'd prefer to go with (A).  I
happen to think the NNTPEXT charter was well written and there isn't
justification to change it unless (A) is known to be a show-stopper.  I
know some form of question was posed to Marcus Leech, but we don't
know how that question was worded and only have a second-hand report of
the results.

> The next step should be to have the draft published in the 
> Internet Drafts respository so that folks not participating in the list might 
> have a chance to comment.

I just sent in the draft (with a list of open issues added).  It should
appear in a few days.

		- Chris





More information about the ietf-nntp mailing list