[NNTP] [2505] CAPABILITIES indication of features not currently available

Clive D.W. Feather clive at demon.net
Thu Dec 2 05:59:20 PST 2004 

Russ Allbery said:
> Clive D W Feather <clive at demon.net> writes:
>> Issue: do we provide a way for CAPABILITIES to advertise features that
>> aren't available right now but could be, or have been.

>> In particular, the present SASL stuff is an abomination - advertising a
>> capability as available with the secret understanding that that means it
>> *isn't* available - and goes directly against a MUST in the core
>> specification.
> 
> I'm not particularly worried about the SASL case because this is what
> everyone else does too.

Is it?

I've just skimmed the various SMTP documents, and as far as I can tell
they differ from NNTP in a major way: EHLO lists the extensions available,
*NOT* the extensions available at any given moment. That is, an extension
should be listed even if it can't be used until something else has been.
Looking at RFC 2554, it appears that you should advertise AUTH even if
there's no privacy layer in place, with the 538 code meaning "you can't do
AUTH yet".

Hmm, I see that RFC 3207 does require a server not to advertise TLS once
TLS is in place.

But see my response to Ken's response.

>> What is the objection to this? If it's the detail of the "-", "--",
>> "-480" stuff, then I'm happy to amend or drop that part. But what is
>> wrong with the basic principle of having a consistent way of saying
>> "extension X wishes to tell you that capability Y isn't currently
>> available"?
> 
> This is a pure complexity versus expressiveness tradeoff.  I'm again
> inclined to go for less complexity and less expressiveness because other
> protocols do not have this and have not apparently needed it.  I can see
> the cases where this might be helpful, but in practice I just don't think
> they're going to be all that useful or important.

Can I start by noting that, under my proposal, the minimal requirements
are:
* Servers need to do nothing.
* Clients need to be prepared to ignore lines beginning with "-".
That's a pretty low barrier and, in the case of clients, it's likely to be
what they're doing anyway (rather than panicking when they see such a
line). But, in exchange, we get the framework for future facilities if we
need them. Again, let me ask you see my response to Ken's response, which
I'm about to write.

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | Fax:    +44 870 051 9937
Demon Internet      | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc            |                            |

More information about the ietf-nntp mailing list