ietf-nntp TLS cipher renegotation to NULL cipher
Charles Lindsey
chl at clw.cs.man.ac.uk
Tue Feb 11 08:13:38 PST 2003
In <3E480E63.4DB06CC at oceana.com> Ken Murchison <ken at oceana.com> writes:
>The text below is taken from an IMAP mailing list thread regarding TLS
>renegotiation and/or DSS in NNTP. FWIW, I agree with Chris (as I and
>several others have from the beginning).
Yes, I must plead guilty to having started that thread. I was writing on
another matter, and just drew their attention to the NNTP discussions here
to see whether a consistent approach between IMAP and NNTP was
appropriate.
>Chris Newman wrote:
>And I'm saying that as someone who went to the trouble of writing a spec
>and implementing a prototype SASL mechanism for this purpose (plaintext
>password encrypted only during the authentication phase). I now think
>that
>work was largely a waste of time (although I had fun doing it and
>learned a
>lot).
It seems to me that is _exactly_ what is needed for NNTP.
>Encrypting data that doesn't need to be encrypted is good for overall
>security of the system.
And the mind boggles at the shear non-seuqiturness of that non-sequitur.
There seems to be a total lack of understanding in other communities of
the sheer volume carried by large NNTP servers. And the idea that they
should spend money on installing hardware encryptors for material that
never needed encrypting in the first place - well my mind just boggles.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl at clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-nntp
mailing list