ietf-nntp TLS and AUTHINFO interaction

Jeffrey M. Vinocur jeff at litech.org
Mon Mar 17 13:12:32 PST 2003


On Mon, 17 Mar 2003, Russ Allbery wrote:

> > The only thing that could potentially be a true problem is if someone
> > wants to *require* authentication before allowting STARTTLS.  It's hard
> > to come up with a realistic scenario for this
> 
> I can't think of one off-hand.

Ok, then I'm willing to disallow STARTTLS after authentication.

Except, um, one thing.  Suppose the server does want to indicate 
encryption being required for some command, and the client has already 
authenticated.  Can it send a 483 response?  And if it does, is the client 
expected to know that since it has authenticated, it needs to disconnect, 
reconnect, negotiate TLS, and reauthenticate?


-- 
Jeffrey M. Vinocur
jeff at litech.org




More information about the ietf-nntp mailing list