[ietf-nntp] Re: SASL exchanges
Russ Allbery
rra at stanford.edu
Mon May 17 03:12:25 PDT 2004
Ken Murchison <ken at oceana.com> writes:
> Charles Lindsey wrote:
>> 3. I see that the SASL exchanges consist of long streams of BASE64
>> characters, which may easily exceed 512 charactyers in length; and it
>> is proposed to send these as a single line.
>> Would it not be better to send them (in both directions) as multiline
>> responses (terminated by CFLF.CRLF)? I see that no whitespace character
>> is meaningful within BASE64, and other protocols that use BASE64
>> (e.g. PGP) allow splitting of long lines in this way. This makes it
>> much easier to handle them (e.g. for cutting and pasting) when they
>> need to appear in editing or terminal emulation windows,
> After thinking about this some more last night, I like this idea even
> less for several reasons:
I agree. I think it's a bad idea. They should be returned as single
lines, and clients are going to have to be recoded to be able to handle
that.
> If one of the reasons for breaking up the SASL blob is to work around
> limitations in current NNTP implementations, I'd suggest that this is a
> new and different command, and it should be treated as such, not
> wedged/hacked into an existing framework.
It's because of limitations in existing implementations. A lot of people
allocate a buffer of NNTP_STRLEN and then just use it for everything.
> FWIW, it only took me about 2 hours to get SASL authentication working
> in INN. Most of my time was spent understanding the INN code and how it
> handles I/O. It took me a little longer to get security layers working
> because I had to reorganize/consolidate a lot of the INN I/O code to
> make it easier to handle SASL security layers, TLS and plaintext
> data. Overall, I probably spent less than a day's worth of coding.
> Granted, I was able to work quickly because of my knowledge of the Cyrus
> SASL library, but the bottom line is that any developer that has
> intimate knowledge of their own code should find no big technical
> hurdles implementing SASL if they follow the Cyrus SASL developer notes
> and sample code. In fact, once my INN SASL code is complete and gets
> committed, it can be used as a reference implementation.
Thank you very much for that, btw. I hope to be able to look at it fairly
soon. I wanted to catch up here first, though.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list