ietf-nntp Re: WG Review: Simple Authentication and Security Layer (sasl)
Ken Murchison
ken at oceana.com
Tue Dec 17 10:26:58 PST 2002
Charles Lindsey wrote:
>
> In <3DFA2C52.613AF63B at oceana.com> Ken Murchison <ken at oceana.com> writes:
>
> >TLSv1 actually. It is the standardized version of SSL, which is
> >currently used to encrypt NNTP traffic on port 963. Most protocols are
> >now defining a command, usually STARTTLS, to initiate an SSL/TLS exchange
> >within the protocol itself. It was my understanding that Jeff or
> >someone else was going to draft a STARTTLS command for NNTP. This
> >command would then be mandatory to implement in order to use plaintext
> >authentication. Here are some relevant references:
>
> But presumably that means encrypting the whole subsequent NNTP download
> session. That seems a gross over-complication for downloading usenet news
> which is all in the public domain anyway (it might be desirable for some
> private and specialized uses of NNTP). All we are trying to do is to
> enable the server to verify that the person trying to connect is one of
> its known paying customers.
The same could be said about IMAP providers, but some of them provide
STARTTLS. Of course, I'm sure they would prefer not to.
> So I still think we need a much lighter-weight system that just encrypts
> the AUTHINFO stage.
I agree that a SASL mech which encrypts only the plaintext password is
desirable. The biggest problem that I can see with this is getting
client vendors to implement it. I would assume that it would be much
easier for them to implement USER/PASS and/or PLAIN along with SSL/TLS
based on the simplicity of the authentication and the availability of
SSL/TLS code. I'm not up to speed on all of the various NNTP clients,
but I would assume that a few already have support for USER/PASS over
SSL (port 563).
As Jeff said, none of this should impede the progress of AUTHINFO SASL
and STARTTLS moving forward.
Ken
--
Kenneth Murchison
Software Engineer
Oceana Matrix Ltd.
21 Princeton Place
Orchard Park, NY 14127
716-662-8973 x26
PGP Public Key: http://www.oceana.com/~ken/ksm.pgp
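An added example, not part of Ken Murchison's message or of the ietf-nntp thread: a client-side policy in Python for the arrangement discussed above, in which plaintext authentication (AUTHINFO USER/PASS or SASL PLAIN) is sent only once the session is TLS-protected, either after a STARTTLS upgrade or on a direct TLS connection (port 563), while a password-hiding mechanism such as DIGEST-MD5 may be started in the clear. The CAPABILITIES responses are constructed samples in the shape later standardized in RFC 3977, RFC 4642 and RFC 4643; the function names, the policy ordering and the DIGEST-MD5 handling (opening line only, no challenge/response) are this example's own assumptions, not anything from the drafts under discussion.

```python
import base64


class PlaintextCredentialsError(Exception):
    """Raised when authenticating would put the password on the wire unprotected."""


# Constructed sample CAPABILITIES responses (not captured from a real server).
# Before STARTTLS: the server advertises the upgrade and withholds AUTHINFO.
SAMPLE_BEFORE_TLS = """101 Capability list:
VERSION 2
READER
STARTTLS
.
"""

# After STARTTLS (or on port 563): STARTTLS is gone, plaintext auth is offered.
SAMPLE_AFTER_TLS = """101 Capability list:
VERSION 2
READER
AUTHINFO USER SASL
SASL PLAIN DIGEST-MD5
.
"""

# A legacy server on port 119 with no TLS at all, only AUTHINFO USER/PASS.
SAMPLE_PLAIN_ONLY = """101 Capability list:
VERSION 2
READER
AUTHINFO USER
.
"""


def parse_capabilities(response):
    """Parse a CAPABILITIES response (a 101 status line, one capability per
    line, terminated by a lone '.') into {LABEL: [ARG, ...]}."""
    lines = response.splitlines()
    if not lines or not lines[0].startswith("101"):
        raise ValueError("expected a 101 capability list, got %r" % lines[:1])
    caps = {}
    for line in lines[1:]:
        if line == ".":
            break
        if line.startswith(".."):  # undo dot-stuffing, as in any multi-line response
            line = line[1:]
        fields = line.split()
        caps[fields[0].upper()] = [f.upper() for f in fields[1:]]
    return caps


def sasl_plain_initial_response(authcid, password, authzid=""):
    """Encode RFC 4616 PLAIN credentials (authzid NUL authcid NUL passwd) as
    the base64 initial response carried on 'AUTHINFO SASL PLAIN <b64>'."""
    for field in (authzid, authcid, password):
        if "\0" in field:
            raise ValueError("PLAIN fields may not contain NUL")
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def next_auth_commands(caps, tls_active, user, password):
    """Return the command line(s) the client should send next (without CRLF).

    Policy (assumed for this example): upgrade with STARTTLS when offered and
    not yet protected; over TLS prefer SASL PLAIN, then USER/PASS; without TLS
    accept only a mechanism that does not expose the password; otherwise refuse.
    """
    authinfo = caps.get("AUTHINFO", [])
    mechs = caps.get("SASL", [])

    if not tls_active and "STARTTLS" in caps:
        return ["STARTTLS"]

    if tls_active:
        if "SASL" in authinfo and "PLAIN" in mechs:
            return ["AUTHINFO SASL PLAIN " + sasl_plain_initial_response(user, password)]
        if "USER" in authinfo:
            return ["AUTHINFO USER " + user, "AUTHINFO PASS " + password]

    if "SASL" in authinfo and "DIGEST-MD5" in mechs:
        # Opening line only; the server's challenge is handled by later code.
        return ["AUTHINFO SASL DIGEST-MD5"]

    if not tls_active and ("USER" in authinfo or "PLAIN" in mechs):
        raise PlaintextCredentialsError(
            "server offers only plaintext authentication without TLS; not sending the password")
    raise LookupError("no supported authentication mechanism advertised")


def refuses_plaintext(caps, tls_active):
    """True when the policy refuses rather than send credentials in the clear."""
    try:
        next_auth_commands(caps, tls_active, "probe", "probe")
        return False
    except PlaintextCredentialsError:
        return True


if __name__ == "__main__":
    for name, sample, tls in (("before TLS", SAMPLE_BEFORE_TLS, False),
                              ("after TLS", SAMPLE_AFTER_TLS, True),
                              ("plain only", SAMPLE_PLAIN_ONLY, False)):
        caps = parse_capabilities(sample)
        try:
            print(name, "->", next_auth_commands(caps, tls, "alice", "s3cret"))
        except PlaintextCredentialsError as exc:
            print(name, "-> refused:", exc)
```

Running the module walks the three constructed cases: the first yields a STARTTLS upgrade, the second a single AUTHINFO SASL PLAIN line over the protected session, and the third a refusal, which is the client-side counterpart of making STARTTLS mandatory before plaintext authentication.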