ietf-nntp TLS and AUTHINFO interaction

Russ Allbery rra at stanford.edu
Mon Mar 17 19:38:17 PST 2003


Jeffrey M Vinocur <jeff at litech.org> writes:

> I was planning on lumping the already-authenticated state in with the
> already-established-TLS state; in both cases STARTTLS would not appear
> in list extensions, the client would be expected to know not to try it,
> and any attempt to try it would be met with 500.  The two cases seem
> very similar to me.

Hm... is it kosher to have LIST EXTENSIONS change after authentication?
It seems like we're asking the client to use LIST EXTENSIONS a lot, since
it's supposed to use that first to check to see if AUTHINFO SASL or
STARTTLS are supported too....

Having LIST EXTENSIONS change bothers me vaguely, although I know that the
client does need to reissue after STARTTLS for other reasons, and I guess
for STARTTLS at least that this is the way other protocols have done it.

But if we could avoid making the client reissue LIST EXTENSIONS after
authentication, I think I'd prefer it.  Hm.  But I guess I don't have that
strong of an opinion.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
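
The trade-off discussed in the message above, as an added example that is not part of the original post or of any NNTP implementation: an in-memory model of a server that stops advertising STARTTLS once TLS is up or the client has authenticated, and a client that caches LIST EXTENSIONS. The class and method names, the "OK" success placeholder, and the assumption that AUTHINFO SASL stays listed are constructed for illustration; only the command names and the 500 reply come from the thread.

```python
# Added illustration: no network I/O. "OK" is a placeholder for the success
# reply; keeping AUTHINFO SASL listed in every state is an assumption.
class Server:
    """Advertises STARTTLS only before TLS and before authentication."""
    def __init__(self):
        self.tls = False
        self.authed = False
    def list_extensions(self):
        exts = ["AUTHINFO SASL"]
        if not self.tls and not self.authed:
            exts.append("STARTTLS")
        return exts
    def starttls(self):
        if self.tls or self.authed:
            return "500"            # proposed reply in either state
        self.tls = True
        return "OK"
    def authenticate(self):
        self.authed = True

class Client:
    """Caches the extension list and counts LIST EXTENSIONS round trips."""
    def __init__(self, server, refresh_after_auth):
        self.server = server
        self.refresh_after_auth = refresh_after_auth
        self.cache = None
        self.queries = 0
    def extensions(self):
        if self.cache is None:
            self.cache = self.server.list_extensions()
            self.queries += 1
        return self.cache
    def starttls(self):
        if "STARTTLS" not in self.extensions():
            return "not offered"
        reply = self.server.starttls()
        if reply == "OK":
            self.cache = None       # list fetched in cleartext is not reused
        return reply
    def authenticate(self):
        self.server.authenticate()
        if self.refresh_after_auth:
            self.cache = None       # the extra reissue questioned above

def auth_then_starttls(refresh_after_auth):
    """Authenticate without TLS, then consult the (possibly stale) list."""
    c = Client(Server(), refresh_after_auth)
    c.extensions()
    c.authenticate()
    return c.starttls(), c.queries
```

A client that does not reissue LIST EXTENSIONS after authentication saves a round trip but acts on a stale list and only learns of the change from the 500; one that reissues pays the second query and never sends the command.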


