ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)

Charles Lindsey chl at
Tue Dec 17 03:34:38 PST 2002

In <3DFA2C52.613AF63B at> Ken Murchison <ken at> writes:

>TLSv1 actually.  It is the standardized version of SSL, which is
>currently used to encrypt NNTP traffic on port 963.  Most protocols are
>now defining a command, usually STARTTLS, to initiate a SSL/TLS exchange
>within the protocol itself.  It was my understanding that Jeff or
>someone else was going to draft a STARTTLS command for NNTP.  This
>command would then be mandatory to implement in order to use plaintext
>authentication.  Here are some relevent references:

But presumably that means encrypting the whole subsequent NNTP download
session. That seems a gross over-complication for downloading usenet news
which is all in the public domain anyway (it might be desirable for some
private and specialized uses of NNTP). All we are trying to do is to
enable the server to verify that the person trying to connect is one of
its known paying customers.

So I still think we need a much lighter-weight system that just encrypts
the AUTHINFO stage.

Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web:
Email: chl at      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

More information about the ietf-nntp mailing list