[NNTP] Notes on auxiliary documents
Jeffrey M. Vinocur
jeff at litech.org
Thu Nov 11 16:15:09 PST 2004
On Nov 11, 2004, at 6:58 PM, Russ Allbery wrote:
> Is there any reason not to simply require that servers support
> unsolicited
> authentication, without any note about older servers?
I think we should be able to say that any NNTPv2 server that lists an
AUTHINFO extension should support unsolicited authentication, sure.
Y'know, there's a subtly here I can't quite wrap my head around.
Everyone seems to like the "advertising AUTHINFO is enough to
effectively eliminate the 480 response" idea, if I'm reading the list
right. But have we come to a conclusion that reactive authentication
is bad? I mean, what if the server advertises AUTHINFO because some
users can authenticate, but most users won't need to. Then the client
software still has no way to know if it should prompt the user for
authentication parameters or not. So I guess we still need 480.
But regardless, yeah, unsolicited authentication can be mandatory when
AUTHINFO is advertised.
> Are there any
> servers that don't support AUTHINFO at any point during the session? (I
> think it would actually be harder to write a server that behaved that
> way
> than to support AUTHINFO at any time.)
I think it would be hard to do so as well. But in the "current
practice" realm, the client has no way of telling if the server
supports AUTHINFO at all, and so it might appear as a "failure of
unsolicited authentication" in that case. If you think we don't need
to document this, I certainly don't feel strongly about it...the
existing text reads as it does really by accident.
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the ietf-nntp
mailing list