ietf-nntp Draft 17 pre-2

Russ Allbery rra at stanford.edu
Tue Feb 25 12:08:44 PST 2003


Ken Murchison <ken at oceana.com> writes:

> This is to prevent some dumb client from trying a plaintext mechanism
> USER/PASS or PLAIN only to find out that the server has disabled these
> (either entirely or until protected by TLS) for security reasons.

This isn't a problem for AUTHINFO USER since AUTHINFO USER will return an
error and the client then won't continue by sending the password.  Does
SASL PLAIN have this problem, or does it similarly have a way for the
server to abort the authentication before the password is sent?

> I'd consider a client that knows about LIST EXTENSIONS, but doesn't use
> it (eg, just tries commands to see what works and what doesn't), at the
> very least unfriendly and at the worst poorly implemented.

I think this is going to depend some on what extensions one is using.  In
another five years, for example, I certainly won't expect clients to send
LIST EXTENSIONS before trying OVER.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
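
The AUTHINFO USER behaviour described in the message above, as an added example that is not part of the original post or of any NNTP implementation: a client that sends the password only after the server asks for it. The response codes (281, 381, 481, 483, 502) are taken from the later RFC 4643 and are an assumption here, since the thread names none; `ScriptedServer`, the user name and the password are constructed for the demonstration.

```python
# Added example. Response codes follow RFC 4643 (an assumption; the thread
# itself does not name any codes).

class ScriptedServer:
    """Constructed stand-in for an NNTP connection: replays canned replies
    and records every line the client puts on the wire."""

    def __init__(self, replies):
        self.replies = list(replies)
        self.sent = []

    def command(self, line):
        self.sent.append(line)
        return self.replies.pop(0)


def authinfo_user_pass(conn, user, password):
    """Run AUTHINFO USER/PASS, sending the password only if the server asks.

    Returns (authenticated, final_reply)."""
    reply = conn.command(f"AUTHINFO USER {user}")
    code = reply[:3]
    if code == "281":      # accepted on the user name alone
        return True, reply
    if code != "381":      # 483, 502, 481, ...: stop here, PASS is never sent
        return False, reply
    reply = conn.command(f"AUTHINFO PASS {password}")
    return reply[:3] == "281", reply


def demo():
    """Return {scenario: (authenticated, final_code, password_on_wire)}."""
    scenarios = {
        "tls_required": ["483 Encryption required"],
        "disabled": ["502 Command unavailable"],
        "normal": ["381 Password required", "281 Authentication accepted"],
        "bad_password": ["381 Password required", "481 Authentication failed"],
    }
    results = {}
    for name, replies in scenarios.items():
        conn = ScriptedServer(replies)
        ok, final = authinfo_user_pass(conn, "alice", "s3cret")
        on_wire = any("s3cret" in line for line in conn.sent)
        results[name] = (ok, final[:3], on_wire)
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The user name still crosses the wire in every scenario; only the password is withheld when the server refuses at the USER step.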


