[ietf-nntp] AUTHINFO draft 01

Clive D.W. Feather clive at demon.net
Mon Jul 5 02:23:06 PDT 2004


Russ Allbery said:
>> I've finally got round to reading this. I think it's mostly fine, but
>> have a few points.
> 
>> 2.1.2 last para: if you change the syntax to
>>     AUTHINFO USER username...
>>     AUTHINFO PASS password...
> 
>> then the white-space problem mostly goes away, because:
> 
>>     AUTHINFO USER fred flintstone
>>     AUTHINFO PASS very secret
> 
>> becomes legal.
> 
> The only worry here is that many servers split on whitespace before doing
> anything else, and then wouldn't be able to distinguish between:
> 
>     AUTHINFO USER fred flintstone
>     AUTHINFO USER fred  flintstone

True. We don't actually say in [NNTP] that different amounts of white space
are to be treated the same, but that's what everyone does.

> That being said, I have no objections to making the above change; I still
> wouldn't encourage people to use whitespace, though, given that it isn't
> always going to work unless the server handles AUTHINFO specially.

Well, if the change is made, all that's needed is a piece of text something
like:

    Because the exact amount of white space in a command is normally
    ignored by the server, clients SHOULD always use a single space
    between the arguments that make up the user name and password; this
    implies, in particular, that passwords SHOULD NOT contain TABs or
    adjacent spaces.

>> 2.2.1: we discussed briefly a separate response code meaning "invalid
>> base64 string". The logical code for this is 504 (it belongs in the 50x
>> space and this is the next unused code). There's still time to put that
>> in [NNTP], incidentally.
> I have no objections to this.  It seems like a reasonable idea.

Done.

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | Fax:    +44 870 051 9937
Demon Internet      | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc            |                            |



More information about the ietf-nntp mailing list