[ietf-nntp] Need to start (and finish!) the SASL draft
Ken Murchison
ken at oceana.com
Wed Apr 21 10:12:14 PDT 2004
Charles Lindsey wrote:
> In <87d662lcyg.fsf at windlord.stanford.edu> Russ Allbery <rra at stanford.edu> writes:
>
>
>>One of the other things I was wondering about there is if we need to
>>include STARTTLS as well. We do if we want to document any sort of
>>plain-text authentication, I think, so if we want to include the legacy
>>AUTHINFO USER/PASS commands, we're going to need the TLS stuff in there.
>
>
> Alternatively, we could just document the AUTHINFO USER/PASS as they are
> currently (widely) used, and say they are
> deprecated/historic/whatever-the-proper-phrase-is.
If you document it as deprecated, then NNTP still doesn't have any
current/up-to-date authentication mechanism. If you document it as a
current plaintext authentication mechanism, then it will have to depend
on TLS, otherwise I don't believe it will get past IETF/IESG review.
> But first, I think we really need to see a SASL draft. Does it exist
> already somewhere, or are we waiting for sombody to publish it? When we
> see it, we shqll be in a better position to decide what to do with it.
I've seen a rough draft from Jeff and its what I would expect (and argue
for). Its looks a lot like section 4 of RFC 2554, using "AUTHINFO SASL"
as the command and 28x and 38x as the response codes. It differs from
RFC 2554 in that it also supports success data, as is recommended for
any new SASL protocol profile.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list