[ietf-nntp] authinfo-02 changes

Ken Murchison ken at oceana.com
Mon Jul 26 10:01:42 PDT 2004 

Clive D.W. Feather wrote:


>>+username = 1*(P-CHAR / SP / TAB)
>>+password = 1*(P-CHAR / SP / TAB)
>>+initial-response = base64-opt
> 
> 
> This syntax isn't compatible with the general command syntax. Instead,
> you want:
> 
>    username = user-pass-word *(WS user-pass-word)
>    password = user-pass-word *(WS user-pass-word)
>    user-pass-word = 1*P-CHAR
> 
> This makes it clearer that the username/password can be treated as a string
> of words and that no special parsing is needed.

I'm not sure that I understand/appreciate the difference here, but I'll 
make the change if nobody else objects.


>>-response-x83-content = ("283" / "383") SP sasl-server-chal
>>-sasl-server-chal = "=" / base64
>>+simple-response-content /= response-sasl-content
>>+response-sasl-content = "283" SP base64 / "383" SP base64-opt
> 
> 
> Can I be sure I've got this right? A 383 may have an empty base64 string
> but a 283 can't (you use 281 instead)? I'm fine with that, and that's what
> the current syntax says, but it isn't what the older syntax said.

Yes, you are correct.  The SASL WG had a discussion about this and 
decided that empty success data really had no meaning and/or use, so it 
will be forbidden in RFC 2222bis.


>>-sasl-mech-name = 1*20sasl-mech-char
>>-sasl-mech-char = %x41-5A / DIGIT / "-" / "_"
>>+mechanism = 1*20mech-char
>>+mech-char = UPPER / DIGIT / "-" / "_"
>>       ; mechanism names restricted to uppercase letters, 
>>       ; digits, "-" and "_"
> 
> 
> I'm bothered about this restriction to uppercase. The ABNF syntax says that
> "USER" and "SASL" are case-insensitive, and our only other example ("MSGID"
> argument to "OVER") is also case-insensitive. The rest of NNTP (e.g. command
> names) is also case-insensitive.
> 
> Consistency with other extensions says that you should add LOWER to this
> list, or even move to A-CHAR, and be case-insensitive.

This is mandated by RFC 2222(bis):

    SASL mechanisms are named by strings, from 1 to 20 characters in
    length, consisting of upper-case ASCII [ASCII] letters, digits,
    hyphens, and/or underscores.

    sasl-mech    = 1*20mech-char
    mech-char    = %x41-5A / DIGIT / "-" / "_"
                   ; mech names restricted to uppercase ASCII letters,
                   ; digits, "-" and "_"



> Incidentally, why *does* LIST EXTENSIONS require uppercase for the initial
> word? Do we want to alter this, or is it too risky at this late date?

I'm not sure how we arrived at that.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

More information about the ietf-nntp mailing list