ietf-nntp Re: WG Review: Simple Authentication and Security
Layer (sasl)
Jeffrey M. Vinocur
jeff at litech.org
Tue Dec 17 07:44:47 PST 2002
On Tue, 17 Dec 2002, Charles Lindsey wrote:
> But presumably that means encrypting the whole subsequent NNTP download
> session. That seems a gross over-complication for downloading usenet news
> which is all in the public domain anyway (it might be desirable for some
> private and specialized uses of NNTP). All we are trying to do is to
> enable the server to verify that the person trying to connect is one of
> its known paying customers.
Right. This was exactly Andrew's original complaint...
> So I still think we need a much lighter-weight system that just encrypts
> the AUTHINFO stage.
Note that despite the absence of any existing SASL mechanism to do this,
there's no reason one can't exist, and so this need not be considered an
objection to AUTHINFO SASL itself.
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the ietf-nntp
mailing list