ietf-nntp LIST EXTENSIONS non-pipelined and non-cacheable?
Ken Murchison
ken at oceana.com
Wed Sep 10 06:55:17 PDT 2003
Russ Allbery wrote:
> Well, given that, I can see the need to issue LIST EXTENSIONS before
> authenticating with SASL PLAIN because SASL PLAIN is (arguably) broken in
> the way that it does authentication negotiation. Sigh.
How is it broken? Its a one rountrip plaintext mechanism, which I could
argue is better than USER/PASS. What is broken is any client which
sends a plaintext password in the clear.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list