[NNTP] Capabilities in responses (Was: MODE READER)

Mark Crispin mrc at CAC.Washington.EDU
Tue Nov 9 08:32:06 PST 2004


On Tue, 9 Nov 2004, Clive D.W. Feather wrote:
> Apart from anything else, because a malicious implementation could cause
> all kinds of hassle while remaining technically conforming to 977.

Pshaw.  Strawman argument.

Nothing, and I do mean nothing, will stop a malicious implementation no 
matter what we do.

There is plenty of precedent to the practice of placing protocol in what 
was previously free-text.  SMTP does it (extended response codes, "ESMTP" 
in the greeting).  POP3 does it (APOP authentication data in the 
greeting).  IMAP does it (status response codes, including capabilities in 
the greeting).

NNTP is not unique and different, nor does it have special vulnerabilities 
that require special practices different from every other protocol to 
overcome malicious implementations.

> Let's see if we can find a cleaner answer.

Somehow, I find it difficult to hear the phrase "clean" associated with a 
protocol that gave us MODE READER, incomplete LIST EXTENSIONS, etc.

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.



More information about the ietf-nntp mailing list