[NNTP] Notes on auxiliary documents

Russ Allbery rra at stanford.edu
Tue Nov 30 19:46:01 PST 2004


Clive D W Feather <clive at demon.net> writes:
> Ken Murchison said:

>> I don't *think* that server has to go back to the "unselected group"
>> state after auth, but my guess is that if the client authenticates in
>> the middle of a session it's because they are trying to access a group
>> that returned a 480 and therefore will be changing groups immediately
>> after auth.

> Well, yes, but we can't guarantee it and so can't rely on it. There may
> also be other server state either now or in the future.

> I don't mind whether it's "server must forget all state", or "server
> must retain all NNTP state", but we need to be absolutely clear. Oh, and
> TLS needs to be consistent with SASL on this.

> [I'd prefer "retain state", because it may not be obvious to the main
> NNTP engine in the client whether a security layer was negotiated or not
> by some other module, and therefore whether the state was retained or
> not.]

I agree that we need to be very clear.

I would lean towards forgetting all state, since that's the obviously safe
thing to do from a security standpoint.  I can't figure out the parameters
of an attack that would exploit this, but I know that it can't be
exploited if we forget state.

However, there's MODE READER, and we can't forget that state,
unfortunately; Mark made that point, and it's accurate.  That state I can
argue doesn't pose any security issues, however, other than a DoS attack
(which is generally uninteresting).  I can't make a similar argument about
all server state.

It seems to be more in the general spirit of SASL and TLS to discard all
state after negotiating a security layer.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
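A small state-machine model of the two policies discussed in this thread ("forget all state" vs. "retain all NNTP state" after a security layer is negotiated), written as an added example for this archive page. It is not code from the ietf-nntp working group or from any NNTP server; the group names, the user name and the in-memory group directory are constructed for the example. It shows that MODE READER survives under either policy, that the "forget" policy drops the selected group and article pointer, and that the 480-then-authenticate-then-GROUP sequence Ken describes works under both.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed group directory for the example: name -> (low, high, requires_auth).
GROUPS = {
    "comp.example.public": (1, 50, False),
    "local.example.private": (1, 10, True),
}


@dataclass
class SessionState:
    """The per-connection NNTP state the thread is arguing about."""
    mode_reader: bool = False               # MODE READER cannot be undone
    current_group: Optional[str] = None     # selected newsgroup, if any
    current_article: Optional[int] = None   # current article pointer
    authenticated_as: Optional[str] = None  # identity after AUTHINFO
    security_layer: bool = False            # TLS or SASL security layer active


class NntpSession:
    """Toy server-side session; policy is 'forget' or 'retain'."""

    def __init__(self, policy: str = "forget"):
        if policy not in ("forget", "retain"):
            raise ValueError("policy must be 'forget' or 'retain'")
        self.policy = policy
        self.state = SessionState()

    def mode_reader(self) -> str:
        self.state.mode_reader = True
        return "200 Reader mode, posting permitted"

    def group(self, name: str) -> str:
        entry = GROUPS.get(name)
        if entry is None:
            return "411 No such newsgroup"
        low, high, requires_auth = entry
        if requires_auth and self.state.authenticated_as is None:
            return "480 Authentication required"
        self.state.current_group = name
        self.state.current_article = low
        return f"211 {high - low + 1} {low} {high} {name}"

    def negotiate_security_layer(self, user: str) -> str:
        """Model an AUTHINFO SASL exchange (or STARTTLS) that ends with a
        security layer; apply the configured state policy afterwards."""
        if self.policy == "forget":
            # Discard every piece of NNTP state except MODE READER, which
            # the server cannot forget, then record the new identity.
            self.state = SessionState(mode_reader=self.state.mode_reader)
        self.state.authenticated_as = user
        self.state.security_layer = True
        return "281 Authentication accepted"


def session_after_auth(policy: str) -> SessionState:
    """Select a group, move the article pointer, then negotiate a security
    layer; return the resulting state so the two policies can be compared."""
    s = NntpSession(policy)
    s.mode_reader()
    s.group("comp.example.public")
    s.state.current_article = 7   # client advanced the pointer (e.g. via NEXT)
    s.negotiate_security_layer("alice")   # constructed user name
    return s.state


def private_group_after_480(policy: str) -> Tuple[str, str]:
    """The sequence from the quoted message: GROUP returns 480, the client
    authenticates, then reissues GROUP. Returns the two status codes."""
    s = NntpSession(policy)
    first = s.group("local.example.private")
    s.negotiate_security_layer("alice")
    second = s.group("local.example.private")
    return first[:3], second[:3]


if __name__ == "__main__":
    for policy in ("forget", "retain"):
        print(policy, session_after_auth(policy))
        print(policy, private_group_after_480(policy))
```

Under the "forget" policy a client that negotiated a security layer mid-session must reissue GROUP before any article command, which is the behaviour that makes the policy safe regardless of what other state a server may carry now or later; under "retain" the same client keeps its selection, at the cost of the client-side ambiguity the quoted message describes.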
