ietf-nntp Re: WG Review: Simple Authentication and Security
Layer (sasl)
Russ Allbery
rra at stanford.edu
Mon Dec 23 19:19:14 PST 2002
Charles Lindsey <chl at clw.cs.man.ac.uk> writes:
> Ken Murchison <ken at oceana.com> writes:
>> I'm sure that there are plenty of ISPs that can successfully provide
>> secure authentication without the *NEED* for a DSS-type mechanism. As
>> I've stated before, I can definitely see a fit for such a mechanism,
>> but you make it sound like nothing can be done without it.
> Yes indeed so. Currently, they ALL authenticate their customers
> regularly using AUTHINFO with plaintext passwords. It works fine.
No, they don't.
> The trouble is that the protocol is not written down anywhere,
Yes, it is. See RFC 2980.
> and we are not permitted to write it down because the IETF won't let us
> :-( .
No, this isn't the case. However, we do need to offer a better
alternative than just AUTHINFO and not make AUTHINFO the be-all and
end-all of NNTP authentication.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list