ietf-nntp TLS and AUTHINFO interaction
Russ Allbery
rra at stanford.edu
Mon Mar 17 20:15:06 PST 2003
Harmeet Bedi <harmeet at kodemuse.com> writes:
> Here is a scenerio.
> - NNTPReader authenticates securely over plain socket and then upgrades to
> TLS for a secure channel.
> - TLS does not do mutual authentication and server already knows Reader
> identity.
The whole idea is basically that you're not supposed to do that. You're
supposed to upgrade to TLS right away if you're going to use it, before
you authenticate.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list