[NNTP] Re: MODE READER

[Ken Murchison]

Mark Crispin wrote:

>> You're looking from the client's perspective in which the statement 
>> seems to say that the client can use AUTHINFO whenever it feels like it.
> 
> 
> That is the only reasonable interpretation of:
>     The AUTHINFO commands can be used before or after the MODE READER
>     command, with the same semantics.

Yes, I came to this conclusion myself after re-reading it.


> As a client author, I vehemently object to allowing the server to 
> dictate the order of a protocol sequence.  In EVERY well-designed 
> protocol, the protocol sequence is dictated first by the specification, 
> and then by the client.
> 
>> Do you have any suggested text which might clarify this?
> 
> 
> Yes.  Do not give the server the option of imposing an order on the 
> client.  Either leave the order as random (under client direction), or 
> impose One True Order and *prohibit* all other orders.

I'm tending to agree with this recommendation.  My gut it to leave the 
order as random, but I'll wait to see if anybody squeals before I make 
this change.


> My released client code implements this order, which works on every NNTP 
> server that I tested:
>     STARTTLS (if needed - note that plaintext password authentication
>           requires TLS)
>     AUTHINFO (if needed)
>     MODE READER
> 
> To re-confirm, I just verified on an inn server that inn *does* allow 
> AUTHINFO before MODE READER.  I also determined that Supernews' NNTP 
> server allows AUTHINFO before MODE READER.

OK, so the current language in AUTHINFO does not make either server 
non-compliant.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp