[ietf-nntp] AUTHINFO draft 01
Clive D.W. Feather
clive at demon.net
Mon Jul 5 02:48:42 PDT 2004
Russ Allbery said:
>> This reminds me. The meaning of 3xx response codes has traditionally
>> (SMTP, POST, IHAVE) been "you now need to send me more material as part
>> of this command". For AUTHINFO USER, 382 is being used to mean "you need
>> to invoke another command now". I don't think this meets the letter of:
>
>> 3xx - Command OK so far; send the rest of it.
>
>> and I'm sure it doesn't meet the spirit. I can see two fixes:
>> (1) Replace the 382 response with a 2xx code.
>> (2) Define AUTHINFO PASS as being continuation text to AUTHINFO USER,
>> rather than as a separate command.
>
> Bleh. I don't like either of those options; this is a code in widespread
> use and I don't think we should fiddle with it, and AUTHINFO PASS is
> treated like a command in every NNTP implementation I'm aware of. Can't
> we just allow this within the meaning of 3xx for NNTP? I know it's not
> particularly clean, but then what is, when it comes to NNTP codes?
I suspected this would be your answer.
It's not clean, but it does just about still fit the letter of the text.
I'd like us to find some way of discouraging people from doing it again,
though.
>> Russ: I can't recall; does the base document require text pointing at
>> the AUTHINFO and TLSSTART documents?
> It shouldn't require that, no, unless the IESG specifically asks for it.
> I don't *think* they were specifically asking for it, but now I can't
> remember for sure.
I'll leave this until you've checked.
It would be fairly simple to just add references to these documents at the
relevant points in Security Considerations.
--
Clive D.W. Feather | Work: <clive at demon.net> | Tel: +44 20 8495 6138
Internet Expert | Home: <clive at davros.org> | Fax: +44 870 051 9937
Demon Internet | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc | |
More information about the ietf-nntp
mailing list