ietf-nntp AUTHINFO SASL protocol choices

[Jeffrey M. Vinocur]

On Thu, 14 Mar 2002, Russ Allbery wrote:

> Jeffrey M Vinocur <jeff at litech.org> writes:
>
> > 2.  Exactly like the above, but without the client needing to wait for
> > the server's GO AHEAD to send the multi-line (POST-like) blob.
>
> While it's true there's no base NNTP command that lets you send multiline
> data without a server response, there is a widely used command with that
> property (TAKETHIS), and I can't think of any problems with that approach.

Mmmm, I didn't realize there was precedent.  (I tend to be more aware of
the commands used by readers.)  Then yes, I agree with Russ; 2 is best but
3 is also fine.


> It seems a little bit cleaner to me than putting a chunk of base64 data in
> a single-line response.

I don't have a good feel for whether we really have a good bound on the
length of SASL responses, because I don't know SASL well enough.  If they
really are fixed-length, then I have no problem with it.  If getting a
bound is difficult, then perhaps 3 is a bit of a hack.


> Also, if the current SASL mechanism specifications don't state the longest
> possible response, there's going to be a long interim period where people
> are going to be trying to work that out from analyzing the mechanism and
> possibly getting it wrong.  (And figuring it out requires being an expert
> in each SASL mechanism, which is something SASL's designed to avoid.)

Well, hopefully someone would come forward for each of the SASL
mechanisms.  Certainly we shouldn't be trying to figure it out.  But yes,
this could take a while.


> But 3 would also work, and I suppose it would also potentially address the
> separate problem of command lengths.

I wouldn't mind seeing it, regardless of whether we need it for AUTHINFO
SASL.

-- 
Jeffrey M. Vinocur
jeff at litech.org