ietf-nntp Response code issues

Clive D.W. Feather clive at demon.net
Mon Mar 31 04:04:49 PST 2003 

Jeffrey M. Vinocur said:
> > The only problem is if 483 can be returned to a client that has not invoked
> > anything outside the main NNTP specification. Is that so?
> 
> The intent as written (can you be more specific about what's unclear so I 
> can revise it?) is that 483 could be returned in response to any command 
> should the server wish to indicate that encryption is required for that 
> command.

But it never actually says that. You've got a heading "Authentication
response codes", which implies we're talking about authentication. Except
that we're not. You need to be more explicit that *any* client command,
from the base specification or any other extension, can return this code.

> Now, in practice, this is most likely to be AUTHINFO.  But ?Russ described 
> a scenario in which authentication is not necessary, but encryption is 
> desired for a particular group.  So while we *could* restrict 483 to being 
> returned by AUTHINFO, I think that might be unnecessarily restrictive.

What bothers me is that we're rapidly introducing a situation where each
extension has a generic response code *for core commands* effectively
meaning "you can't do this until you've invoked this extension". First it
was 480 for authorisation, now 483 for encryption. What next? Please don't
say there won't be a next, because I'm skeptical in the extreme.

I could about swallow adding 480, because we've already got x8x for
authorisation, and the distinction between 480 and 502 is worth it. But I'm
very unhappy about this proliferation. I think more, and wider, debate is
needed.

>> 480 should mean "you could try authenticating" while 502 should mean "this
>> connection will never have access".
> Indeed -- I'm just not sure a strict reading of the text you had conveyed 
> that accurately.  I'm sure you'll clarify it adequately.

I have a rewording in the pipeline.

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | *** NOTE CHANGE ***
Demon Internet      | WWW: http://www.davros.org | Fax:    +44 870 051 9937
Thus plc            |                            | Mobile: +44 7973 377646

More information about the ietf-nntp mailing list