ietf-nntp AUTHINFO

Charles Lindsey chl at clw.cs.man.ac.uk
Wed Jan 2 04:08:53 PST 2002


In <5.1.0.14.0.20020101183724.00a8b178 at box.tin.it> Maurizio Codogno <puntomaupunto at tin.it> writes:

>Even if it true that cleartext passwords are existing practice, and therefore
>should be kept, I fear that IESG would object anyway to their inclusion in the
>RFC. Probably the only way to escape it requires that servers MUST implement
>SASL, and MAY fallback to cleartext only if the client does not accept SASL.
>Not the best situation, I think.

Would there be any future in documenting the cleartext passwords as an
obsolete (and deprecated) feature, perhaps in a historical Appendix? This
would be done in the AUTHINFO extension document, not in the present
draft, of course.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clw.cs.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5



More information about the ietf-nntp mailing list