ietf-nntp Draft 20 pre-release 2

Russ Allbery rra at stanford.edu
Thu Oct 9 11:47:00 PDT 2003


Rob Siemborski <rjs3 at andrew.cmu.edu> writes:

> Is there any way for the client to refresh the security capabilities
> without refreshing all of them?  Yes, anonymous clients may not care,
> but I suspect client authors are more likely to get it wrong and not
> refresh for the security case if the leave the document as it is now.

99.9% of NNTP connections are anonymous.  I don't think it makes a great
deal of sense to penalize the extremely common case just because the
unusual case might not do the right thing.

> In any case, having a document that says "MUST NOT do x" in one section
> and (implies) "MAY do x" in another is broken, regardless of what the
> particular issue is.

I can certainly support clarifying that security extension information may
not be cached.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the ietf-nntp mailing list