ietf-nntp LIST EXTENSIONS caching

Clive D.W. Feather clive at demon.net
Fri Oct 10 03:00:43 PDT 2003 

Okay, here's the text I now have. Can people please comment on it? I
will change the SHOULDs to MUSTs iff Russ tells me to.

[In 5.3.2]

   An NNTP client MUST NOT rely on any cached results from this command,
   either earlier in this session or in a previous session, remaining
   correct. While some extensions are likely to be always available or
   never available, others will "appear" and "disappear" depending on
   other changes. Furthermore, a server SHOULD NOT use cached results in
   relation to security, privacy, and authentication extensions. See
   Section 11.6 for further discussion of this topic.

[and then]

11.6 Caching of LIST EXTENSIONS results

   The LIST EXTENSIONS command provides information about the extensions
   currently available from the server. Whenever there is a relevant
   change to the server state, the results of this command are required
   to change accordingly.

   In most situations the results from this command in a given server
   state will not change from session to session; a given extension will
   be installed permanently on a server. Therefore, once it has
   established a working state - for example, by using MODE READER or
   setting up an encrypted connection to the server - it is reasonable
   for a client to cache extension status between sessions and use this
   cached information when deciding whether or not to use a particular
   extension, rather than using the LIST EXTENSIONS command in every
   session. However, such implementations MUST NOT rely on any cached
   results from this command remaining correct, MUST cope gracefully
   with the cached status being out of date, and SHOULD provide a way to
   force the cached information to be refreshed.

   However, there are risks in caching information about extensions
   related to security and privacy.

   For example, consider a server which permits the use of cleartext
   passwords on links that are encrypted but not otherwise:

      [C] LIST EXTENSIONS
      [S] 202 Extensions supported:
      [S] ENCRYPT
      [S] .
      [C] ENCRYPT
      [S] 283 Encrypted link established
      [C] LIST EXTENSIONS
      [S] 202 Extensions supported:
      [S] XSECRET
      [S] .
      [C] XSECRET   fred flintstone
      [S] 290 Password for fred accepted

   If the client caches the last LIST EXTENSIONS result, then on the
   next session it will attempt to use XSECRET on an unencrypted link:

      [C] XSECRET   fred flintstone
      [S] 483 Only permitted on secure links

   exposing the password to any eavesdropper.

   Therefore a client sending private information, such as a cleartext
   password, to a server SHOULD check the security state of the link and
   the identity of the server immediately beforehand and SHOULD NOT rely
   on the (cached) results of any previous check. How such a check is
   done will, of course, depend on the particular facilities available
   from the server.

   An even better approach, though, is to use authentication mechanisms
   that work on an insecure link (e.g. public-key signatures).

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | *** NOTE CHANGE ***
Demon Internet      | WWW: http://www.davros.org | Fax:    +44 870 051 9937
Thus plc            |                            | Mobile: +44 7973 377646

More information about the ietf-nntp mailing list