ietf-nntp Currently outstanding issues
Jeffrey M. Vinocur
jeff at litech.org
Sat Apr 26 06:26:27 PDT 2003
On Sat, 26 Apr 2003, Ken Murchison wrote:
> "Jeffrey M. Vinocur" wrote:
>
> > (Hmm, you might want to point out here that an extension could "increase
> > in the maximum length of commands over the value specified in this
> > document" [section 8] -- or is that being silly?)
>
> I assume that you're mentioning this for SASL? I agree, that extensions
> should be able to extend this limit.
Sorry, I wasn't clear. The text I quoted *is* in the section on the
extensions mechanism as something extension description documents must
include; I just wanted to know if it might help to refer to it in the
section about the 512 character limit.
> > | An NNTP client MUST NOT cache (for use in another session) any
> > | information returned if the LIST EXTENSIONS command succeeds. That
> > | is, an NNTP client is only able to get the current and correct
> > | information concerning available extensions at any point during a
> > | session by issuing a LIST EXTENSIONS command at that point of that
> > | session and processing the response. [section 5.3.2]
> >
> > In the SASL draft-to-be, I believe we indicate that a client might be wise
> > to cache this information in order to display a cautionary message to the
> > user should a high-security method be missing (perhaps indicating a
>
> I don't follow what you're saying without seeing the actual AUTHINFO
> SASL text, but a single session can do whatever it wishes with the info
> that it discovers.
Here's the text:
| [... man-in-the-middle attacks ...] An NNTP client can partially
| protect against these attacks by recording the fact that a particular
| NNTP server offers TLS during one session and generating an alarm if it
| does not appear in the LIST EXTENSIONS response for a later session.
So I'm trying to decide if the second sentence from 5.3.2 above is the
(normative) definition of "use in another session", or just a (n
informative) clarification.
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the ietf-nntp
mailing list