ietf-nntp Response code issues

[Jeffrey M. Vinocur]

On Mon, 31 Mar 2003, Clive D.W. Feather wrote:

> Jeffrey M. Vinocur said:
> 
> > The intent as written (can you be more specific about what's unclear so I 
> > can revise it?) is that 483 could be returned in response to any command 
> > should the server wish to indicate that encryption is required for that 
> > command.
> 
> But it never actually says that. 

"An NNTP server MAY respond to any client command with a 483 response"

But you're right that the section title is kinda confusing.  Perhaps 
something like "New Generic Response Code" would be better?  


> You've got a heading "Authentication response codes", which implies
> we're talking about authentication. Except that we're not.

Yeah, it's left over from the old combined draft.


> > Now, in practice, this is most likely to be AUTHINFO.  But ?Russ described 
> > a scenario in which authentication is not necessary, but encryption is 
> > desired for a particular group.  So while we *could* restrict 483 to being 
> > returned by AUTHINFO, I think that might be unnecessarily restrictive.
> 
> What bothers me is that we're rapidly introducing a situation where each
> extension has a generic response code *for core commands* effectively
> meaning "you can't do this until you've invoked this extension". First it
> was 480 for authorisation, now 483 for encryption. What next? Please don't
> say there won't be a next, because I'm skeptical in the extreme.
>
> I could about swallow adding 480, because we've already got x8x for
> authorisation, and the distinction between 480 and 502 is worth it. But I'm
> very unhappy about this proliferation. I think more, and wider, debate is
> needed.

Believe me, I'd be happy to have wider debate -- I can't do anything that 
will get anyone to speak up!

I see your point, though, and I'm not sure what to do about it.


-- 
Jeffrey M. Vinocur
jeff at litech.org