ietf-nntp AUTHINFO

Maurizio Codogno puntomaupunto at tin.it
Tue Jan 1 09:41:12 PST 2002


Charles:

>In <3C30E420.7A210B9A at verio.net> "Stan O. Barber" <sob at verio.net> writes:
>
> >We are not going to submit a AUTHINFO style extension that has only 
> clear-text.
> >It will not be accepted by IESG without some reasonable strength in the
> >authorization mechanism.
>
>Are the IESG likely to accept an AUTHINFO design which includes BOTH
>cleartest passwords and SASL as options? The fact is that cleartext
>passwords, however undesirable, are widely used currently.

Even if it true that cleartext passwords are existing practice, and therefore
should be kept, I fear that IESG would object anyway to their inclusion in the
RFC. Probably the only way to escape it requires that servers MUST implement
SASL, and MAY fallback to cleartext only if the client does not accept SASL.
Not the best situation, I think.

ciao, .mau.




More information about the ietf-nntp mailing list