ietf-nntp Draft 20 pre-release 2
Ken Murchison
ken at oceana.com
Thu Oct 9 12:05:32 PDT 2003
Rob Siemborski wrote:
> Is there any way for the client to refresh the security capabilities
> without refreshing all of them? Yes, anonymous clients may not care, but
> I suspect client authors are more likely to get it wrong and not refresh
> for the security case if the leave the document as it is now.
This was, and remains, one of my biggest concerns. If you give an
implementor enough rope, they will hang themselves, and the unsuspecting
user as a result.
I still think that caching the capabilities list is of marginal, if any,
use. IMO, the potential risk outweighs the reward by a large margin.
Also note that no IMAP, POP3 or SMTP client that I'm aware of caches the
capabilties list. Why does an NNTP client need to be different?
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list