ietf-nntp NNTP AUTH draft update
Chris Newman
chris.newman at INNOSOFT.COM
Mon Nov 8 19:14:39 PST 1999
x5x vs. x8x resolution?
-----------------------
Here's the outline of the changes I plan in the next version based on
discussions at the IETF meeting:
Compliant clients MUST issue "LIST EXTENSIONS" prior to using "AUTHINFO".
If the "LIST EXTENSIONS" command fails, clients MAY attempt to use
"AUTHINFO USER"/"AUTHINFO PASS" but should be aware that the server is
likely to use x8x response codes in that case.
Servers MUST use the x5x response codes to "AUTHINFO" if the client issued
a "LIST EXTENSIONS" command. However, they MAY treat "AUTHINFO
USER"/"AUTHINFO PASS" received prior to a "LIST EXTENSIONS" command as the
pre-standard version of those commands and return commonly used private-use
x8x response codes (which will be listed in an appendix).
Servers MUST use x5x response codes with "AUTHINFO SASL".
I'll include an appendix which will state clearly that clients are free to
interpret private-use x8x error codes in any way (as per the base spec),
but will list the commonly used x8x code meanings for pre-standard NNTP
authentication. I'll also include a sample protocol trace of a compliant
client authenticating with a pre-standard server and vice-versa.
Additional Authentication Errors
--------------------------------
I also plan to add some additional x5x error codes to the next draft.
There's an expired Internet Draft draft-newman-auth-resp-00.txt which adds
those codes to mail protocols. They include things like password expired,
password transition needed, encryption required to use the specified
mechanism (for use with a STARTTLS extension), etc.
- Chris
More information about the ietf-nntp
mailing list