[NNTP] Notes on auxiliary documents
Russ Allbery
rra at stanford.edu
Thu Dec 2 10:21:12 PST 2004
Clive D W Feather <clive at demon.net> writes:
> Russ Allbery said:
>> The reasons for disallowing STARTTLS after AUTHINFO would apply to any
>> other privacy extension as well. They're not specific to TLS. (In
>> particular, new privacy layer => discard all existing state => discard
>> existing authentication => double authentication messes that we decided
>> to punt on.)
> Not necessarily so.
> If the authentication mechanism uses a public-key or zero-knowledge
> system, successful authentication means that both sides can be sure that
> the other person is who they say they are *even* if there's an active
> attacker in the middle (that is, the AAitM can prevent authentication
> but can't falsely authenticate). At which point they can use an existing
> shared secret as the encryption key.
> It only applies to TLS because:
> - the defined layering puts the SASL encryption on the TLS-encrypted path,
> not the other way round;
> - TLS uses certificates rather than shared secrets.
Hm. Okay, that's a reasonably convincing argument to me.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
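As an added illustration, not part of the thread and not code from any real NNTP server, the following Python toy models the session ordering the two posts discuss: STARTTLS is refused once AUTHINFO has succeeded, and the switch to the TLS layer is modelled as discarding whatever state was established before it. Response codes follow RFC 3977, 4642 and 4643; the credential store and the policy of refusing plaintext AUTHINFO before TLS are assumptions of this example.

```python
"""Toy NNTP session model for STARTTLS/AUTHINFO ordering (constructed example)."""
from typing import List, Optional

# Constructed credential store; a real server would consult its auth backend.
USERS = {"alice": "s3cret"}


class Session:
    def __init__(self) -> None:
        self.tls_active = False
        self.pending_user: Optional[str] = None
        self.authenticated_as: Optional[str] = None

    def command(self, line: str) -> str:
        parts = line.split()
        if not parts:
            return "500 Unknown command"
        verb, args = parts[0].upper(), parts[1:]
        if verb == "STARTTLS":
            return self._starttls()
        if verb == "AUTHINFO":
            return self._authinfo(args)
        return "500 Unknown command"

    def _starttls(self) -> str:
        if self.tls_active:
            return "502 TLS already active"
        if self.authenticated_as is not None:
            # The point argued in the thread: a new privacy layer would wipe all
            # state negotiated before it, including who the client is, so the
            # server refuses rather than forcing a second authentication.
            return "502 STARTTLS not permitted after AUTHINFO"
        self.pending_user = None  # model the layer switch as a reset of pre-TLS state
        self.tls_active = True
        return "382 Continue with TLS negotiation"

    def _authinfo(self, args: List[str]) -> str:
        if len(args) != 2:
            return "501 Syntax error"
        kind, value = args[0].upper(), args[1]
        if kind == "USER":
            if not self.tls_active:
                return "483 Encryption required"  # no plaintext passwords in the clear
            self.pending_user = value
            return "381 Password required"
        if kind == "PASS":
            if self.pending_user is None:
                return "482 Authentication commands issued out of sequence"
            ok = USERS.get(self.pending_user) == value
            self.authenticated_as = self.pending_user if ok else None
            self.pending_user = None
            return "281 Authentication accepted" if ok else "481 Authentication failed"
        return "501 Syntax error"
```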