[ietf-nntp] Need to start (and finish!) the SASL draft
Charles Lindsey
chl at clerew.man.ac.uk
Thu Apr 22 04:17:19 PDT 2004
In <4086AB6E.2090708 at oceana.com> Ken Murchison <ken at oceana.com> writes:
>Charles Lindsey wrote:
>> Alternatively, we could just document the AUTHINFO USER/PASS as they are
>> currently (widely) used, and say they are
>> deprecated/historic/whatever-the-proper-phrase-is.
>If you document it as deprecated, then NNTP still doesn't have any
>current/up-to-date authentication mechanism. If you document it as a
>current plaintext authentication mechanism, then it will have to depend
>on TLS, otherwise I don't believe it will get past IETF/IESG review.
Sure, but you would be describing the AUTHINFO SASL stuff at the same
time. My point was merely that it wasn't necessary to publish the
STARTTLS stuff just in order to get AUTHINFO USER/PASS on the record
(though if the STARTTLS stuff is ready to go, then why not).
>I've seen a rough draft from Jeff and its what I would expect (and argue
>for). Its looks a lot like section 4 of RFC 2554, using "AUTHINFO SASL"
>as the command and 28x and 38x as the response codes. It differs from
>RFC 2554 in that it also supports success data, as is recommended for
>any new SASL protocol profile.
I think all the variants of AUTHINFO should be described in the same
document, so far as is possible.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-nntp
mailing list