ietf-nntp NNTP AUTH draft

[Andrew Gierth]

>>>>> "Stan" == Stan O Barber <sob at verio.net> writes:

 Stan> Andrew,
 Stan> ANY authentication in current NNTP implementation is a LOCAL
 Stan> extension, not a standard one.

I'm aware of that.

On the other hand, the standard extension will simply not be adopted
unless it can be done in a way that doesn't break compatibility with
existing practice.

 Stan> We are specifying a STANDARD one. As such, it needs new
 Stan> response codes.

Even when the price is complete failure to interoperate with a large
existing client base?

While AUTHINFO USER is hardly the most satisfactory of authentication
mechanisms, it is very widely supported by both clients and servers,
and indeed is currently the sole basis of the multi-million-dollar
individual Usenet subscription industry. Breaking compatibility with
it is not an option either for a subscription service provider or,
more importantly, for a supplier of software to such providers.

 Stan> It's your choice as a server designer how you choose to support
 Stan> the legacy RFC 977 + well-known local extensions in the context
 Stan> of the new RFC977bis specs.

Suppose I wish to implement the new spec, and further suppose that I
have a large existing client base that uses the widespread existing
AUTHINFO USER/PASS extension.

My problem is that _any_ attempt to follow the new spec results in
complete loss of the ability to support that existing client base.
There is no way to reconcile the two; the new spec specifies behaviour
that is not compatible with existing clients, and there is no way for
the server to adapt its behaviour to the client either.

-- 
Andrew.