ietf-nntp TLS and AUTHINFO interaction
Jeffrey M. Vinocur
jeff at litech.org
Fri Mar 21 03:16:46 PST 2003
On Thu, 20 Mar 2003, Charles Lindsey wrote:
> Confusing two issues I think. STARTTLS when already authenticated is a
> policy issue (maybe it is disallowed by our standard, or maybe it is left
> to site policy, or maybe it automatically causes the authenticated status
> to be lost).
>
> Whereas turning STARTTLS off (as seen in LIST EXTENSIONS) is surely a
> protocol (not a policy) issue - it is plain ridiculous to START it again
> when you are already in TLS state.
Hmm, you do have a point here.
>      Command          State
> 1.   STARTTLS         TLS
> 2.   AUTHINFO         TLS+AUTH
> 3.   Drop TLS         AUTH
> 4.   (re)STARTTLS     TLS (+AUTH maybe)
>
> Your rule seems to forbid restarting TLS (for whatever reason) after it
> has been dropped.
There is no dropping of TLS, as I understand it. (You can renegotiate
down to the NULL cipher, but I believe you're still within TLS when you do
that, and thus can renegotiate back up at any time. I'm not sure about
that, though.)
--
Jeffrey M. Vinocur
jeff at litech.org