ietf-nntp TLS and AUTHINFO interaction
Jeffrey M. Vinocur
jeff at litech.org
Mon Mar 17 12:22:56 PST 2003
On Sun, 16 Mar 2003, Russ Allbery wrote:
> >> [ Ken: ]
> >> Instead of flushing the authentication info, why not
> >> just say that the STARTTLS command is only valid in the
> >> non-authenticated state
>
> I generally agree with Ken, [...]
Question as I consider how to phrase the revision suggested above. The
existing text in question reads
The server MUST discard any knowledge obtained from the client, such
as the result of a previous authentication, which was not obtained
from the TLS negotiation itself.
If we disallow previous authentication, is there *any* knowledge that
needs to be discarded, or should this whole sentence be removed?
> If we disallow STARTTLS after authentication, that client would have to
> disconnect and then reconnect with STARTTLS at first.
I don't like that at first, but them I remember that in practice clients
are disconnecting and reconnecting all the time behind the user's back
because of timeouts (and just to be polite to the server). So that
doesn't worry me so much.
The only thing that could potentially be a true problem is if someone
wants to *require* authentication before allowting STARTTLS. It's hard to
come up with a realistic scenario for this (uh, I guess if TLS negotiation
is expensive, the admin might want to put some sort of authentication step
in front of it?) but if anybody else has a good one...
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the ietf-nntp
mailing list