[NNTP] Re: MODE READER
Ken Murchison
ken at oceana.com
Thu Nov 4 13:33:18 PST 2004
Mark Crispin wrote:
>> You're looking from the client's perspective in which the statement
>> seems to say that the client can use AUTHINFO whenever it feels like it.
>
>
> That is the only reasonable interpretation of:
> The AUTHINFO commands can be used before or after the MODE READER
> command, with the same semantics.
Yes, I came to this conclusion myself after re-reading it.
> As a client author, I vehemently object to allowing the server to
> dictate the order of a protocol sequence. In EVERY well-designed
> protocol, the protocol sequence is dictated first by the specification,
> and then by the client.
>
>> Do you have any suggested text which might clarify this?
>
>
> Yes. Do not give the server the option of imposing an order on the
> client. Either leave the order as random (under client direction), or
> impose One True Order and *prohibit* all other orders.
I'm tending to agree with this recommendation. My gut it to leave the
order as random, but I'll wait to see if anybody squeals before I make
this change.
> My released client code implements this order, which works on every NNTP
> server that I tested:
> STARTTLS (if needed - note that plaintext password authentication
> requires TLS)
> AUTHINFO (if needed)
> MODE READER
>
> To re-confirm, I just verified on an inn server that inn *does* allow
> AUTHINFO before MODE READER. I also determined that Supernews' NNTP
> server allows AUTHINFO before MODE READER.
OK, so the current language in AUTHINFO does not make either server
non-compliant.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list