ietf-nntp Multiple AUTHINFOs per session

Ade Lovett ade at
Sun Jan 5 19:44:48 PST 2003

On 01/05/03 21:11, "Ken Murchison" <ken at> wrote:
> "Jeffrey M. Vinocur" wrote:
>> On 6 Jan 2003, Andrew Gierth wrote:
>>> in many cases it's awkward to actually change the credentials
>>> associated with the session.
>> I can imagine this in some implementations.
> How would this be used?  And couldn't this been done by creating a new
> session?

Gee thanks.  Creating a new session has a non-zero cost.  So I could
probably DoS a server under this scheme by sending repeated requests (let's
be clever and bounce between two accounts, rather than sending the same
account information over and over to defeat the (if same(username) and
same(password) do buggerall).


More information about the ietf-nntp mailing list