ietf-nntp TLS and AUTHINFO interaction
Jeffrey M. Vinocur
jeff at litech.org
Mon Mar 17 13:12:32 PST 2003
On Mon, 17 Mar 2003, Russ Allbery wrote:
> > The only thing that could potentially be a true problem is if someone
> > wants to *require* authentication before allowting STARTTLS. It's hard
> > to come up with a realistic scenario for this
>
> I can't think of one off-hand.
Ok, then I'm willing to disallow STARTTLS after authentication.
Except, um, one thing. Suppose the server does want to indicate
encryption being required for some command, and the client has already
authenticated. Can it send a 483 response? And if it does, is the client
expected to know that since it has authenticated, it needs to disconnect,
reconnect, negotiate TLS, and reauthenticate?
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the ietf-nntp
mailing list