ietf-nntp AUTHINFO SASL protocol choices

Russ Allbery rra at stanford.edu
Thu Mar 14 10:18:01 PST 2002


Jeffrey M Vinocur <jeff at litech.org> writes:

> 2.  Exactly like the above, but without the client needing to wait for
> the server's GO AHEAD to send the multi-line (POST-like) blob.

> 3.  Each client token is passed in a separate command as one line, and
> the server tokens come back in single-line responses:

I vote for either 2 or 3 and lean towards 2 just because it requires less
fiddling and would be much easier to implement in an existing server
without having to make global modifications like changing the allowed
command length.

While it's true there's no base NNTP command that lets you send multiline
data without a server response, there is a widely used command with that
property (TAKETHIS), and I can't think of any problems with that approach.
It seems a little bit cleaner to me than putting a chunk of base64 data in
a single-line response.

Also, if the current SASL mechanism specifications don't state the longest
possible response, there's going to be a long interim period where people
are going to be trying to work that out from analyzing the mechanism and
possibly getting it wrong.  (And figuring it out requires being an expert
in each SASL mechanism, which is something SASL's designed to avoid.)

But 3 would also work, and I suppose it would also potentially address the
separate problem of command lengths.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


