ietf-nntp Draft 20 pre-release 2
Russ Allbery
rra at stanford.edu
Thu Oct 9 11:47:00 PDT 2003
Rob Siemborski <rjs3 at andrew.cmu.edu> writes:
> Is there any way for the client to refresh the security capabilities
> without refreshing all of them? Yes, anonymous clients may not care,
> but I suspect client authors are more likely to get it wrong and not
> refresh for the security case if the leave the document as it is now.
99.9% of NNTP connections are anonymous. I don't think it makes a great
deal of sense to penalize the extremely common case just because the
unusual case might not do the right thing.
> In any case, having a document that says "MUST NOT do x" in one section
> and (implies) "MAY do x" in another is broken, regardless of what the
> particular issue is.
I can certainly support clarifying that security extension information may
not be cached.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list