ietf-nntp Multiple AUTHINFOs per session

Russ Allbery rra at stanford.edu
Mon Jan 6 10:24:38 PST 2003


Jeffrey M Vinocur <jeff at litech.org> writes:

> How about a compromise?  This draft specifies an AUTHINFO capability to
> be returned by LIST EXTENSIONS.  How about I point out that a server
> which does not want clients to do multiple authentications steps can
> avoid listing that capability after authentication has been performed?

I'm somewhat leery of solving problems like this by adding a new extension
tag.  That may well be the right way of solving it, but each extension tag
adds another variable in an implementation and therefore another thing
that a client author has to think about.  That means it adds to the
overall complexity of the specification.

If we need that complexity, that's great, but if we don't need that
complexity, I think it's better to just pick something.  There's a
standard maxim when writing RFCs that goes something like "when there's
two ways of doing something, pick one."

Maybe we should check with news.software.nntp to see if there's anyone
who's going to be unhappy if multiple AUTHINFO commands aren't supported?

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the ietf-nntp mailing list