[ietf-nntp] AUTHINFO draft 01
Charles Lindsey
chl at clerew.man.ac.uk
Tue Jun 29 06:28:37 PDT 2004
In <20040623191935.GA47417 at finch-staff-1.thus.net> "Clive D.W. Feather" <clive at demon.net> writes:
>5: I don't believe that it's appropriate to say that an identity looks like
>an email address, particularly since the concept isn't used anywhere in
>this document. At most you need just the last paragraph, but the rest
>better belongs in [USEFOR].
>From a USEFOR POV, I don't think we care particularly what the form of the
identity will be, but we have introduced an Injection-Info-header for
indicating to whoever-it-may-concern where this article originated, and
for sure the "identity" established by AUTHINFO is one of the things that
may well be reported in there. Other things that can be reported include
the posting-host, the posting-account (cryptic), the posting-sender (not
usually known to the injecting agent, however) and some
posting-logging-parameter (cryptic).
There are the usual privacy concernsk with the netcops preferring something
LARTable that openly identifies the origin and the privacy advocates
preferring something that cannot readily be identified without the
cooperation of the admins of the injecting agent (hence the two options
marked with the word "cryptic"). USEFOR itself takes no sides in this
argument, but just provides tools suitable for both sides to use.
So what USEFOR needs to know is whether the _intention_ of the
authinfo-identity is to be "open" or "cryptic" - and clearly, if it is a
working email address, as suggested, then it is "open", because it
identifies the originator immediately. If that is the case, then I think
USEFOR would need to invent a posting-authinfo parameter for the purpose
(otherwise, posting-account would do).
So please, what is the current practice with other SASL implementations
(especially the SMTP one)?
BTW, I presume it is understood that sometimes this identity will be that
of the actual poster (e.g. joe at bloggs.org), because he configured his OE
to make an NNTP connection with that name, and sometimes it will identify
a news-server (e.g. news at bloggs.org).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-nntp
mailing list