ietf-nntp Response code issues
Jeffrey M. Vinocur
jeff at litech.org
Mon Mar 24 16:20:27 PST 2003

On Mon, 24 Mar 2003, Clive D.W. Feather wrote:
> Okay, if this is so then - combined with the comments above about
> extensions - it says to me that 480 *has* to be made a generic response.

Then we need 483 too, don't we? (For people not keeping up on the
STARTTLS draft, we're standardizing a response code meaning
"stronger encryption required" -- either 483 or 484.)

You managed to phrase the text for 480 to nicely avoid the existence of
any actual authentication procedure, but I don't see offhand a comparably
nice way to do 483 :-/

> If the client is not
> authorized to use the specified facility when the server is in its
> current state, and it is necessary to terminate the connection and
> start a new one with the appropriate authority before the command
> can be used, then the response code 502 MUST be returned.

Thinking about implementation, I'm a little worried about that MUST.
Suppose a server provides read-only access to the world, and
administrators can authenticate to get post access, but only if they're on
the local subnet. Does the text above indicate that the server has to
distinguish between local and non-local IP addresses? (It might be
easier for an implementation to simply return 480 to all POST commands at
this stage, and then decide whether or not to accept authentication from a
given IP when that authentication is actually given.)

So perhaps the "it is necessary to terminate the connection" should be
preceded by something like "the server wishes to indicate that"?

--
Jeffrey M. Vinocur
jeff at litech.org
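
The two server behaviours contrasted in the message above, as an added example that is not part of the original post or of any NNTP implementation. The subnet, the peer addresses and all function names are constructed for illustration; 340 is the standard "send article" reply to POST, and the reply code for a refused authentication is left out because the message does not give one.

```python
import ipaddress

# Constructed policy: administrators may authenticate only from this subnet
# (documentation address range, not taken from the message).
LOCAL_SUBNET = ipaddress.ip_network("192.0.2.0/24")

def is_local(peer_ip):
    return ipaddress.ip_address(peer_ip) in LOCAL_SUBNET

def post_reply_strict(peer_ip, authenticated):
    """Literal reading of the MUST: the reply to POST already encodes whether
    authenticating on this connection could ever grant post access."""
    if authenticated:
        return 340                      # send the article
    return 480 if is_local(peer_ip) else 502

def post_reply_lazy(peer_ip, authenticated):
    """The simpler server: POST never looks at the peer address."""
    return 340 if authenticated else 480

def auth_accepted_lazy(peer_ip, credentials_ok):
    """The lazy server applies the address rule only once credentials arrive.
    Returns a bool; the reply code for a refusal is not given in the message."""
    return credentials_ok and is_local(peer_ip)

def compare(peers):
    """For each unauthenticated peer: (ip, strict reply, lazy reply,
    whether valid credentials would be accepted afterwards)."""
    return [(ip, post_reply_strict(ip, False), post_reply_lazy(ip, False),
             auth_accepted_lazy(ip, True)) for ip in peers]

def misleading_480(peers):
    """Peers told 480 by the lazy server although authentication cannot succeed."""
    return [ip for ip, _, lazy, ok in compare(peers) if lazy == 480 and not ok]

if __name__ == "__main__":
    sample = ["192.0.2.10", "203.0.113.5"]   # constructed peers
    for row in compare(sample):
        print(row)
    print("misleading 480 for:", misleading_480(sample))
```

Under the lazy policy the non-local peer is prompted to send credentials that the server will then refuse, which is the case the quoted MUST would forbid.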