ietf-nntp NNTP AUTH draft update
Andrew Gierth
andrew at erlenstar.demon.co.uk
Thu Nov 11 09:16:55 PST 1999
>>>>> "Clive" == Clive D W Feather <clive at demon.net> writes:
>> Compliant clients MUST issue "LIST EXTENSIONS" prior to using "AUTHINFO".
>> If the "LIST EXTENSIONS" command fails, clients MAY attempt to use
>> "AUTHINFO USER"/"AUTHINFO PASS" but should be aware that the server is
>> likely to use x8x response codes in that case.
>>
>> Servers MUST use the x5x response codes to "AUTHINFO" if the client issued
>> a "LIST EXTENSIONS" command. However, they MAY treat "AUTHINFO
>> USER"/"AUTHINFO PASS" received prior to a "LIST EXTENSIONS" command as the
>> pre-standard version of those commands and return commonly used private-use
>> x8x response codes (which will be listed in an appendix).
Clive> No, no, no ! That is the most horrible broken bogus design
Clive> I've seen in ages.
Clive> LIST EXTENSIONS is supposed to tell you what the server is
Clive> capable of. As such, it shouldn't affect the internal state of
Clive> the server at all. There's certainly nothing in the present
Clive> NNTP draft to even suggest that it might affect (as opposed to
Clive> reflect) server state.
Clive> If backwards compatibility of the old form is vital, then use
Clive> a new name for the version with x5x codes:
That isn't enough, because the issue is what response the server gives
to commands _other than_ AUTHINFO when it requires that the user
authenticate.
There is an existing client base that _will not_ even _attempt_ to
authenticate until some command fails with a 480 error code. Such
clients will do exchanges like:
[S] 200 FooNews server ready (posting ok)
[C] group foonews.general
[S] 480 authentication required
[C] authinfo user foo
[S] 381 password required
[C] authinfo pass bar
[S] 281 ok
[C] group foonews.general
[S] 211 273 12884 13157 foonews.general
And as I've pointed out, some of these clients even issue the LIST
EXTENSIONS command....
Clive> Or else state that compatibility with old AUTHINFO USER
Clive> implementations isn't important.
If the choice is between implementing the new draft and keeping
compatibility with the existing client base, then the new draft
will not be implemented.
--
Andrew.
More information about the ietf-nntp
mailing list