ietf-nntp AUTHINFO SASL protocol choices
Andrew Gierth
andrew at erlenstar.demon.co.uk
Thu Apr 4 13:01:37 PST 2002
>>>>> "Russ" == Russ Allbery <rra at stanford.edu> writes:
> Charles Lindsey <chl at clw.cs.man.ac.uk> writes:
>> But if their upper bound is to be over that reasonable amount,
>> then we shall have to define (and people will have to implement) a
>> mechanism with an 'escape' to multiline, even though it is most
>> unlikely it would ever be needed in real life.
Russ> If the upper bound is over a reasonable amount, we should just
Russ> always use multiline. Let's please not provide two ways of
Russ> doing something when we don't need to.

The reason for allowing an initial parameter is to avoid blowing a
round-trip unnecessarily.

e.g. if all the strings are <400-odd characters, for some hypothetical
SASL scheme in which the client goes first:

C> AUTHINFO SASL method START client-string-1
S> 3xx server-string-1
C> AUTHINFO SASL method NEXT client-string-2
S> 3xx server-string-2
C> AUTHINFO SASL method NEXT client-string-3
S> 2xx access allowed

(3 roundtrips)

whereas the same in multiline-only would have to be something more
like:

C> AUTHINFO SASL method START
S> 3xx continue authentication sequence
C> client-string-1
C> .
S> 3xx server response follows
S> server-string-1
S> .
C> AUTHINFO SASL method DATA
S> 3xx continue authentication sequence
C> client-string-2
C> .
S> 3xx server response follows
S> server-string-2
S> .
C> AUTHINFO SASL method DATA
S> 3xx continue authentication sequence
C> client-string-3
C> .
S> 2xx access allowed

(6 roundtrips)

Having auth take twice as long would be a nuisance...

--
Andrew.
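
The two framings compared in the message above, as an added example that is not part of the original post: it builds both transcripts for a client-first mechanism with any number of client strings and counts round trips as the points where the client stops sending and waits for the server. The START/NEXT/DATA keywords and 2xx/3xx replies are the hypothetical syntax from the message; the function names and token values are assumptions made for this sketch.

```python
# Added illustration: models the two hypothetical AUTHINFO SASL framings
# sketched in the message. Token values below are constructed placeholders.

def inline_exchange(client, server, mech="method"):
    """Client string rides on the command line (START, then NEXT)."""
    lines = []
    for i, token in enumerate(client):
        verb = "START" if i == 0 else "NEXT"
        lines.append(("C", f"AUTHINFO SASL {mech} {verb} {token}"))
        last = i == len(client) - 1
        lines.append(("S", "2xx access allowed" if last else f"3xx {server[i]}"))
    return lines

def multiline_exchange(client, server, mech="method"):
    """Every string travels as a dot-terminated multiline block."""
    lines = []
    for i, token in enumerate(client):
        verb = "START" if i == 0 else "DATA"
        lines.append(("C", f"AUTHINFO SASL {mech} {verb}"))
        lines.append(("S", "3xx continue authentication sequence"))
        lines.append(("C", token))
        lines.append(("C", "."))
        if i == len(client) - 1:
            lines.append(("S", "2xx access allowed"))
        else:
            lines.append(("S", "3xx server response follows"))
            lines.append(("S", server[i]))
            lines.append(("S", "."))
    return lines

def round_trips(lines):
    """Count client-to-server hand-offs: each one is a wait on the network."""
    return sum(1 for (a, _), (b, _) in zip(lines, lines[1:])
               if a == "C" and b == "S")

if __name__ == "__main__":
    # Constructed sample: three client strings, two server strings.
    client = ["client-string-1", "client-string-2", "client-string-3"]
    server = ["server-string-1", "server-string-2"]
    for name, build in (("inline", inline_exchange),
                        ("multiline-only", multiline_exchange)):
        transcript = build(client, server)
        for side, text in transcript:
            print(f"{side}> {text}")
        print(f"({round_trips(transcript)} roundtrips, {name})\n")
```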