[ietf-nntp] I-D ACTION:draft-ietf-nntpext-authinfo-00.txt
Russ Allbery
rra at stanford.edu
Sat May 15 20:53:50 PDT 2004
"Andrew - Supernews" <andrew at supernews.net> writes:
> I'd _like_ to get away from plaintext passwords; but an unrealistic
> approach to this draft is just going to mean that AUTHINFO USER remains
> the de-facto standard forever.
All we're doing here, or even trying to do here, is introduce SASL as the
preferred way to negotiate strong authentication mechanisms. That doesn't
solve all problems, by any stretch, and I definitely don't expect AUTHINFO
USER to go away after this draft.
What it does is make available a generic mechanism for adding whatever
authentication mechanisms are needed, which means that there's a system in
place to allow sites to add a more suitable mechanism from which the
password can be recovered if there's a need for that.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list