ietf-nntp Re: WG Review: Simple Authentication and Security Layer
(sasl)
Ken Murchison
ken at oceana.com
Fri Dec 13 10:54:58 PST 2002
Ken Murchison wrote:
>
> Charles Lindsey wrote:
> >
> > In <3DF8FDDD.C4D7E35 at oceana.com> Ken Murchison <ken at oceana.com> writes:
> >
> > >Charles Lindsey wrote:
> > >>
> > >> AFAIR, at the time we removed AUTHINFO from our draft (that was years
> > >> ago), it was because we were told that the IETF would no longer
> > >> countenance any new standards that allowed (let alone required) the
> > >> sending of passwords in plain text. I has always assumed that this was the
> > >> issue on which Chris was supposed to be working.
> >
> > >It is my understanding that plaintext mechs are allowed as long as they
> > >can be protected by some external layer (eg, TLS). The updated IMAP
> > >draft has language to this effect and has passed an initial IESG
> > >review. That being said, other members of ietf-imapext and ietf-sasl
> > >are more qualfied to address this issue.
> >
> > Please explain to me what TLS is. Whatever, I don't think it is
> > customarily used with NNTP.
>
> TLSv1 actually. It is the standardized version of SSL, which is
> currently used to encrypt NNTP traffic on port 963. Most protocols are
> now defining a command, usually STARTTLS, to initiate a SSL/TLS exchange
> within the protocol itself. It was my understanding that Jeff or
> someone else was going to draft a STARTTLS command for NNTP. This
> command would then be mandatory to implement in order to use plaintext
> authentication. Here are some relevent references:
>
> http://www.ietf.org/rfc/rfc2246.txt
> http://www.ietf.org/internet-drafts/draft-crispin-imapv-20.txt
> http://www.ietf.org/rfc/rfc2595.txt
> http://www.ietf.org/rfc/rfc3207.txt
Oops! Hit send prematurely. Here is the latest PLAIN draft.
http://www.ietf.org/internet-drafts/draft-zeilenga-sasl-plain-01.txt
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list