[ietf-nntp] AUTHINFO draft 01
Russ Allbery
rra at stanford.edu
Sat Jul 3 12:37:37 PDT 2004
Clive D W Feather <clive at demon.net> writes:
> I've finally got round to reading this. I think it's mostly fine, but
> have a few points.
> 2.1.2 last para: if you change the syntax to
> AUTHINFO USER username...
> AUTHINFO PASS password...
> then the white-space problem mostly goes away, because:
> AUTHINFO USER fred flintstone
> AUTHINFO PASS very secret
> becomes legal.
The only worry here is that many servers split on whitespace before doing
anything else, and then wouldn't be able to distinguish between:
AUTHINFO USER fred flintstone
AUTHINFO USER fred flintstone
That being said, I have no objections to making the above change; I still
wouldn't encourage people to use whitespace, though, given that it isn't
always going to work unless the server handles AUTHINFO specially.
> 2.2.1: we discussed briefly a separate response code meaning "invalid
> base64 string". The logical code for this is 504 (it belongs in the 50x
> space and this is the next unused code). There's still time to put that
> in [NNTP], incidentally.
I have no objections to this. It seems like a reasonable idea.
> 5: I don't believe that it's appropriate to say that an identity looks
> like an email address, particularly since the concept isn't used
> anywhere in this document. At most you need just the last paragraph, but
> the rest better belongs in [USEFOR].
Agreed. I wouldn't try to be at all precise about what authentication
identities look like; it's going to depend on the server and on the
desires of the local administrator.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list