[NNTP] Proposed STARTTLS changes

Ken Murchison ken at oceana.com
Fri Oct 1 12:28:11 PDT 2004


Sorry for replying to my own post again, but I also tweaked the 3 examples:


Example of a client being prompted to use encryption and negotiating it
successfully (showing the removal of STARTTLS from the extensions list
once a TLS layer is active), followed by a successful selection of the
group and an (inappropriate) attempt by the client to initiate another
TLS negotiation:

[C] LIST EXTENSIONS
[S] 202 Extensions supported:
[S] STARTTLS
[S] OVER
[S] .
[C] GROUP local.confidential
[S] 483 Encryption or stronger authentication required
[C] STARTTLS
[S] 382 Continue with TLS negotiation
[TLS negotiation occurs here]
[Following successful negotiation, traffic is via the TLS layer]
[C] LIST EXTENSIONS
[S] 202 Extensions supported:
[S] OVER
[S] .
[C] GROUP local.confidential
[S] 211 1234 3000234 3002322 local.confidential
[C] STARTTLS
[S] 502 STARTTLS not allowed with active TLS layer



Example of a request to begin TLS negotiation declined by the server:

[C] STARTTLS
[S] 580 Can not initiate TLS negotiation



Example of a failed attempt to negotiate TLS, followed by two attempts
at selecting groups only available under a security layer (in the
first case the server allows the session to continue, in the second it
closes the connection):

[C] STARTTLS
[S] 382 Continue with TLS negotiation
[TLS negotiation is attempted here]
[Following failed negotiation, traffic resumes without TLS]
[C] GROUP local.confidential
[S] 483 Encryption or stronger authentication required
[C] GROUP local.private
[S] 400 Closing connection due to lack of security


-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
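
The server-side state implied by the three examples above, as an added Python model (not part of the original post and not taken from any NNTP server). The `Session` class, the `close_on_insecure` policy set and the `handshake_ok` flag are hypothetical names, and the TLS handshake is simulated by that flag rather than performed.

```python
# Added illustration: toy model of the server state behind the three transcripts.
# No real TLS is done; the handshake result is passed in as a flag (assumption).

# Groups that need a security layer, taken from the examples in the post.
CONFIDENTIAL = {"local.confidential", "local.private"}

class Session:
    def __init__(self, tls_available=True, close_on_insecure=()):
        self.tls_active = False
        self.tls_available = tls_available
        # Hypothetical policy: groups for which the server closes instead of sending 483.
        self.close_on_insecure = set(close_on_insecure)
        self.closed = False

    def handle(self, line, handshake_ok=True):
        """Return the response lines for one client command."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "LIST" and arg.upper() == "EXTENSIONS":
            # STARTTLS is advertised only while no TLS layer is active.
            exts = ["OVER"] if self.tls_active else ["STARTTLS", "OVER"]
            return ["202 Extensions supported:", *exts, "."]
        if cmd == "STARTTLS":
            if self.tls_active:
                return ["502 STARTTLS not allowed with active TLS layer"]
            if not self.tls_available:
                return ["580 Can not initiate TLS negotiation"]
            # 382 goes out in the clear; a failed handshake leaves the session
            # without TLS, so later GROUP checks must still see tls_active False.
            self.tls_active = handshake_ok
            return ["382 Continue with TLS negotiation"]
        if cmd == "GROUP":
            if arg in CONFIDENTIAL and not self.tls_active:
                if arg in self.close_on_insecure:
                    self.closed = True
                    return ["400 Closing connection due to lack of security"]
                return ["483 Encryption or stronger authentication required"]
            # Article counts are the sample numbers from the first example.
            return ["211 1234 3000234 3002322 " + arg]
        return ["500 Unknown command"]

if __name__ == "__main__":
    s = Session(close_on_insecure={"local.private"})
    for cmd, ok in [("STARTTLS", False), ("GROUP local.confidential", True),
                    ("GROUP local.private", True)]:
        print("[C]", cmd)
        for resp in s.handle(cmd, handshake_ok=ok):
            print("[S]", resp)
```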


