[ietf-nntp] Re: SASL capability

Russ Allbery rra at stanford.edu
Wed May 26 12:03:01 PDT 2004


Ken Murchison <ken at oceana.com> writes:
> Russ Allbery wrote:
>> Ken Murchison <ken at oceana.com> writes:

>>> Question:  What do we do if a server only supports PLAIN and EXTERNAL
>>> and a client does LIST EXTENSIONS prior to STARTTLS?  Do we advertise
>>> just "AUTHINFO" or "AUTHINFO SASL:" or ???

>> I think we just advertise AUTHINFO.

> OK, so SASL: is only advertised if there are mechs available.

I don't have a strong opinion; I can see arguments either way, but since
we already talk about how "AUTHINFO" without any arguments indicates that
the extension is supported but no authentication mechanisms can proceed at
present, it seems easiest to just keep using that.

>> Why would EXTERNAL require TLS, though?

> Sorry for the confusion, EXTERNAL doesn't *require* TLS.  It might be
> available because of some OOB info, via IPsec info, or in this case, a
> TLS certificate.

Ah, okay.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
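
The advertisement rule discussed in this thread, as an added example that is not part of the original message or of any NNTP server's code: bare "AUTHINFO" when no mechanism can proceed yet, and the SASL: argument only when at least one can. The Conn fields, the POLICY table, the function names and the comma-separated mechanism list after "SASL:" are assumptions; the thread shows only bare "AUTHINFO" and the "SASL:" prefix.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Conn:
    """Connection state known when LIST EXTENSIONS arrives (hypothetical)."""
    tls_active: bool = False                 # STARTTLS has completed
    external_identity: Optional[str] = None  # from a TLS cert, IPsec, or other OOB source


# Hypothetical policy: can this mechanism proceed on this connection right now?
POLICY = {
    # PLAIN sends the password in the clear, so offer it only under TLS.
    "PLAIN": lambda c: c.tls_active,
    # EXTERNAL needs an out-of-band identity; TLS is one source, not a requirement.
    "EXTERNAL": lambda c: c.external_identity is not None,
}


def usable_mechs(configured, conn):
    """Configured mechanisms that can proceed now; unknown names fail closed."""
    return [m for m in configured if POLICY.get(m, lambda c: False)(conn)]


def authinfo_line(configured, conn):
    """AUTHINFO line for the LIST EXTENSIONS response."""
    mechs = usable_mechs(configured, conn)
    if not mechs:
        # Extension supported, but nothing can proceed at present.
        return "AUTHINFO"
    return "AUTHINFO SASL:" + ",".join(mechs)  # list syntax is an assumption


def may_start(mech, configured, conn):
    """Enforcement check: apply the same policy when a client actually tries
    the mechanism, since a client can send it without it being advertised."""
    return mech in usable_mechs(configured, conn)


if __name__ == "__main__":
    server_mechs = ["PLAIN", "EXTERNAL"]  # the server from Ken's question
    for conn in (Conn(), Conn(tls_active=True),
                 Conn(tls_active=True, external_identity="CN=reader (constructed)")):
        print(conn, "->", authinfo_line(server_mechs, conn))
```
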


