ietf-nntp LIST EXTENSIONS non-pipelined and non-cacheable?

Ken Murchison ken at oceana.com
Wed Sep 10 06:55:17 PDT 2003


Russ Allbery wrote:

> Well, given that, I can see the need to issue LIST EXTENSIONS before
> authenticating with SASL PLAIN because SASL PLAIN is (arguably) broken in
> the way that it does authentication negotiation.  Sigh.

How is it broken?  Its a one rountrip plaintext mechanism, which I could 
argue is better than USER/PASS.  What is broken is any client which 
sends a plaintext password in the clear.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp




More information about the ietf-nntp mailing list