ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)

Ken Murchison ken at oceana.com
Fri Dec 13 10:54:58 PST 2002


Ken Murchison wrote:
> 
> Charles Lindsey wrote:
> >
> > In <3DF8FDDD.C4D7E35 at oceana.com> Ken Murchison <ken at oceana.com> writes:
> >
> > >Charles Lindsey wrote:
> > >>
> > >> AFAIR, at the time we removed AUTHINFO from our draft (that was years
> > >> ago), it was because we were told that the IETF would no longer
> > >> countenance any new standards that allowed (let alone required) the
> > >> sending of passwords in plain text. I have always assumed that this was the
> > >> issue on which Chris was supposed to be working.
> >
> > >It is my understanding that plaintext mechs are allowed as long as they
> > >can be protected by some external layer (eg, TLS).  The updated IMAP
> > >draft has language to this effect and has passed an initial IESG
> > >review.  That being said, other members of ietf-imapext and ietf-sasl
> > >are more qualified to address this issue.
> >
> > Please explain to me what TLS is. Whatever, I don't think it is
> > customarily used with NNTP.
> 
> TLSv1 actually.  It is the standardized version of SSL, which is
> currently used to encrypt NNTP traffic on port 963.  Most protocols are
> now defining a command, usually STARTTLS, to initiate an SSL/TLS exchange
> within the protocol itself.  It was my understanding that Jeff or
> someone else was going to draft a STARTTLS command for NNTP.  This
> command would then be mandatory to implement in order to use plaintext
> authentication.  Here are some relevant references:
> 
> http://www.ietf.org/rfc/rfc2246.txt
> http://www.ietf.org/internet-drafts/draft-crispin-imapv-20.txt
> http://www.ietf.org/rfc/rfc2595.txt
> http://www.ietf.org/rfc/rfc3207.txt

Oops!  Hit send prematurely.  Here is the latest PLAIN draft.

http://www.ietf.org/internet-drafts/draft-zeilenga-sasl-plain-01.txt

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
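
The rule discussed in this thread (plaintext mechanisms are usable only once an external layer such as TLS is in place) can be enforced on the server side as sketched below. This is an added example, not part of the original message or of any NNTP server's code; the Session class, its reply strings, the mechanism list and the credential store are hypothetical and constructed for illustration, and the PLAIN message layout ([authzid] NUL authcid NUL passwd) is the one defined by the SASL PLAIN mechanism.

```python
import hmac

PLAINTEXT_MECHS = {"PLAIN"}                  # mechanisms that put the password on the wire
CONFIGURED_MECHS = ["DIGEST-MD5", "PLAIN"]   # constructed server configuration
USERS = {"alice": "correct horse"}           # constructed credential store (demo only)


def parse_plain(msg: bytes):
    """Split a SASL PLAIN message: [authzid] NUL authcid NUL passwd."""
    parts = msg.split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed PLAIN message")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return authzid, authcid, passwd


class Session:
    """Hypothetical per-connection state; not taken from any NNTP server."""

    def __init__(self):
        self.tls_active = False
        self.user = None

    def starttls(self):
        # A real server would run the TLS handshake here; the demo only flips the flag.
        if self.tls_active:
            return "error: TLS already active"
        self.tls_active = True
        return "ok: TLS active"

    def advertised_mechs(self):
        # Do not offer plaintext mechanisms on an unprotected connection.
        return [m for m in CONFIGURED_MECHS
                if self.tls_active or m not in PLAINTEXT_MECHS]

    def authenticate(self, mech: str, msg: bytes):
        mech = mech.upper()
        # Enforce on use as well: a client may ignore what was advertised.
        if mech in PLAINTEXT_MECHS and not self.tls_active:
            return "refused: encryption required"
        if mech != "PLAIN":
            return "refused: mechanism not implemented in this demo"
        try:
            _authzid, authcid, passwd = parse_plain(msg)
        except ValueError:  # also covers invalid UTF-8
            return "failed: malformed credentials"
        expected = USERS.get(authcid, "")
        if expected and hmac.compare_digest(expected.encode(), passwd.encode()):
            self.user = authcid
            return "ok: authenticated"
        return "failed: bad credentials"
```

A server-side refusal cannot recall a password the client has already sent in the clear, so clients need the same check before they transmit PLAIN credentials.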


