ietf-nntp Currently outstanding issues
Ken Murchison
ken at oceana.com
Sat Apr 26 10:37:05 PDT 2003
"Jeffrey M. Vinocur" wrote:
>
> Here's the text:
>
> | [... man-in-the-middle attacks ...] An NNTP client can partially
> | protect against these attacks by recording the fact that a particular
> | NNTP server offers TLS during one session and generating an alarm if it
> | does not appear in the LIST EXTENSIONS response for a later session.
I think this is fine. In this case, the client is caching the info for
later comparison, not to avoid calling LIST EXTENSIONS in subsequent
sessions.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list