ietf-nntp TLS response codes

Russ Allbery rra at stanford.edu
Sun Mar 16 23:22:16 PST 2003


Currently, the response codes used by INN are a bit of a mess.  The 382
response code is fine, but for the rest of it, INN uses 483 for a reissue
of STARTTLS, which is wrong because it's a permanent error, and uses 580
for a failure in TLS negotiation.

I think 580 is the right error code for a failure in TLS negotiation, and
that way we can stay consistent.

For using STARTTLS after encryption is already active, we're removing
STARTTLS from the available extensions after it successfully completes,
right?  That would indicate that 500 is the right error code to use; after
all, it's no longer a recognized command.

We need some error code akin to 480 that the server can return whenever
the client attempts a command that requires a security layer.  I think we
should just standardize the same code in both the TLS and the SASL
extensions.  480, 481, and 482 are already in use by the informal AUTHINFO
extension (and 481 is also in use by XGTITLE, but that's another story).
So I think the question is whether we should skip 483 because INN used it
in an early implementation to mean something different, or if we should
repurpose it.

I don't have a strong opinion there.  I do think we should use either 483
or 484 for this.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
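
The code assignments proposed in the message above, as an added example that is not part of the original post and is not INN code. It assumes 483 for the "security layer required" case (the message leaves 483 versus 484 open), a hypothetical policy that only AUTHINFO needs TLS, and it collapses the 382 reply and the handshake into one step.

```python
# Added example: toy server-side NNTP session, no sockets.
NEED_SECURITY_LAYER = 483  # assumption: the message allows 483 or 484


class Session:
    def __init__(self, tls_ok, protected=("AUTHINFO",)):
        self.tls_ok = tls_ok              # callable: True if TLS negotiates
        self.protected = set(protected)   # hypothetical site policy
        self.tls_active = False
        # The command table doubles as the advertised extension list.
        self.commands = {
            "STARTTLS": self._starttls,
            "AUTHINFO": lambda: 381,      # stand-in reply for the demo
            "DATE": lambda: 111,          # stand-in reply for the demo
        }

    def extensions(self):
        return sorted(self.commands)

    def handle(self, line):
        """Return the response code for one command line."""
        parts = line.split()
        verb = parts[0].upper() if parts else ""
        handler = self.commands.get(verb)
        if handler is None:
            return 500                    # not a recognized command
        if verb in self.protected and not self.tls_active:
            return NEED_SECURITY_LAYER    # refuse before reading credentials
        return handler()

    def _starttls(self):
        if not self.tls_ok():
            return 580                    # negotiation failed, still plaintext
        self.tls_active = True
        # Dropping STARTTLS from the table means a reissue falls through to
        # the generic unknown-command path, so no special code is needed.
        del self.commands["STARTTLS"]
        return 382
```
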


