[ietf-nntp] authinfo-02 changes
Ken Murchison
ken at oceana.com
Mon Jul 26 10:01:42 PDT 2004
Clive D.W. Feather wrote:
>>+username = 1*(P-CHAR / SP / TAB)
>>+password = 1*(P-CHAR / SP / TAB)
>>+initial-response = base64-opt
>
>
> This syntax isn't compatible with the general command syntax. Instead,
> you want:
>
> username = user-pass-word *(WS user-pass-word)
> password = user-pass-word *(WS user-pass-word)
> user-pass-word = 1*P-CHAR
>
> This makes it clearer that the username/password can be treated as a string
> of words and that no special parsing is needed.
I'm not sure that I understand/appreciate the difference here, but I'll
make the change if nobody else objects.
>>-response-x83-content = ("283" / "383") SP sasl-server-chal
>>-sasl-server-chal = "=" / base64
>>+simple-response-content /= response-sasl-content
>>+response-sasl-content = "283" SP base64 / "383" SP base64-opt
>
>
> Can I be sure I've got this right? A 383 may have an empty base64 string
> but a 283 can't (you use 281 instead)? I'm fine with that, and that's what
> the current syntax says, but it isn't what the older syntax said.
Yes, you are correct. The SASL WG had a discussion about this and
decided that empty success data really had no meaning and/or use, so it
will be forbidden in RFC 2222bis.
>>-sasl-mech-name = 1*20sasl-mech-char
>>-sasl-mech-char = %x41-5A / DIGIT / "-" / "_"
>>+mechanism = 1*20mech-char
>>+mech-char = UPPER / DIGIT / "-" / "_"
>> ; mechanism names restricted to uppercase letters,
>> ; digits, "-" and "_"
>
>
> I'm bothered about this restriction to uppercase. The ABNF syntax says that
> "USER" and "SASL" are case-insensitive, and our only other example ("MSGID"
> argument to "OVER") is also case-insensitive. The rest of NNTP (e.g. command
> names) is also case-insensitive.
>
> Consistency with other extensions says that you should add LOWER to this
> list, or even move to A-CHAR, and be case-insensitive.
This is mandated by RFC 2222(bis):
SASL mechanisms are named by strings, from 1 to 20 characters in
length, consisting of upper-case ASCII [ASCII] letters, digits,
hyphens, and/or underscores.
sasl-mech = 1*20mech-char
mech-char = %x41-5A / DIGIT / "-" / "_"
; mech names restricted to uppercase ASCII letters,
; digits, "-" and "_"
> Incidentally, why *does* LIST EXTENSIONS require uppercase for the initial
> word? Do we want to alter this, or is it too risky at this late date?
I'm not sure how we arrived at that.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list