ietf-nntp Draft 17 pre-2
Ken Murchison
ken at oceana.com
Tue Feb 25 10:38:08 PST 2003
"Jeffrey M. Vinocur" wrote:
>
> On Tue, 25 Feb 2003, Clive D.W. Feather wrote:
>
> > I'm very unhappy with the idea that LIST EXTENSIONS causes any kind of
> > state change in the server. It's a kludge.
> >
> > "It is not required that the client issues this command before
> > attempting to make use of any extension."
>
> How do you feel about an extension *requiring* LIST EXTENSIONS from the
> client, but not having any state changed on the server?
>
> (There's something to this effect in the still-in-progress AUTHINFO USER /
> AUTHINFO SASL draft, about the client having to do LIST EXTENSIONS before
> using AUTHINFO USER. I don't know what Chris had in mind, but my best
> guess is that he wants to ensure that "compliant" clients determine if a
> secure authentication method is available before falling back to
> plaintext.)
This is to prevent some dumb client from trying a plaintext mechanism
USER/PASS or PLAIN only to find out that the server has disabled these
(either entirely or until protected by TLS) for security reasons.
I'd consider a client that knows about LIST EXTENSIONS, but doesn't use
it (eg, just tries commands to see what works and what doesn't), at the
very least unfriendly and at the worst poorly implemented.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list