[NNTP] Comments on draft-...-authinfo-03
Ken Murchison
ken at oceana.com
Fri Sep 17 10:52:54 PDT 2004
Clive D.W. Feather wrote:
> Ken Murchison said:
>
>>>I suggest that the text at the start of section 2 be called section 2.1.
>>>Title perhaps "General concepts".
>>
>>Where exactly are you suggesting a split? Are you saying that
>>everything before the current 2.1 should be 2.1 and there would be no
>>text directly under 2.?
>
>
> That's right.
OK. After thinking about this, I'm going to split all of that text into
something like "AUTHINFO Capability" and "AUTHINFO Behavior" sections.
>>>Section 2.2.2 para 4: delete the stuff after ("="). Or replace the entire
>>>sentence with:
>>>
>>> A server challenge that has zero length MUST be sent as a single
>>> equals sign ("=") and not omitted.
>>
>>What is the problem with the existing text?
>
>
> I felt it had the wrong emphasis, though on re-reading it I'm less bothered
> than I was.
>
> Note the next paragraph: it also talks about encoding zero length strings
> as = signs, but without attempting to justify why. In fact, we could send
> it as a blank line in this case - I'm not suggesting this, just noting it
> would be technically possible.
This is what I originally had (same as SMTP and POP3), but someone
didn't like this (don't recall who), so I changed it to be the same as
an empty initial response and empty server challenge. If someone can
provide me with some text that gives me a reason why we're using "=",
I'll add it. Or if we just want to use a blank line, I'm fine with that
too.
>
>
>>The only reason we are
>>requiring "=" at all in this case *is* to distinguish any empty
>>challenge from any trailing junk. All of the other messaging protocols
>>simply allow an empty string (no "=") because they don't allow trailing
>>junk.
>
>
> I think this is it. You are looking at it from an SASL point of view: NNTP
> wants to do something odd because of an NNTP feature. I'm looking at it
> from an NNTP point of view: there's no such thing as an optional argument
> in a response, so we need to encode zero-length strings.
>
> [What happens in SMTP and POP3? I thought these allowed text after the
> response code.]
I'd have to read the RFCs again to see if it's allowed in general
commands, but it's definitely not allowed for the AUTH commands.
>>How about this:
>>
>>"In NNTP, a server challenge that contains no data is
>>equivalent to a zero length challenge and is encoded as a single
>>equals sign ("=")."
>
>
> Fine. [Are there protocols where the two are different? If so, how do they
> handle this?]
Not that I know of. I believe the SASL RFC uses the phrase "challenge
that contains no data" and most of the profile docs (including NNTP
AUTH) use "zero length challenge", so I'm just making sure that people
know that they are equivalent.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
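
Added example, not part of the original message or the draft: a sketch of the encoding discussed above, where a zero-length server challenge is sent as a single "=" so the argument is never absent and cannot be confused with trailing text. The 383 continuation code is an assumption taken from the later published RFC 4643, the function names are hypothetical, and rejecting extra tokens is this example's own strictness choice.

```python
import base64
import binascii

# Assumption: SASL continuation code from RFC 4643; the message itself names no code.
CONTINUE = "383"


def encode_challenge(data: bytes) -> str:
    """Build the response line that carries a server challenge."""
    # A zero-length challenge becomes "=" instead of an empty argument.
    arg = "=" if data == b"" else base64.b64encode(data).decode("ascii")
    return f"{CONTINUE} {arg}"


def decode_challenge(line: str) -> bytes:
    """Parse a challenge line, refusing anything that leaves the argument ambiguous."""
    parts = line.rstrip("\r\n").split(" ")
    # Exactly one argument must follow the code: a missing or empty argument
    # is an error, not an empty challenge, and extra tokens are not accepted.
    if len(parts) != 2 or parts[0] != CONTINUE or parts[1] == "":
        raise ValueError("expected exactly one challenge argument")
    arg = parts[1]
    if arg == "=":
        return b""  # the only accepted spelling of a zero-length challenge
    try:
        data = base64.b64decode(arg, validate=True)
    except binascii.Error as exc:
        raise ValueError("challenge argument is not valid base64") from exc
    if data == b"":
        raise ValueError("zero-length challenge must be sent as '='")
    return data


if __name__ == "__main__":
    # Constructed sample lines, not captured traffic.
    for sample in ("383 =", "383 Y29uc3RydWN0ZWQ=", "383 ", "383 = junk"):
        try:
            print(repr(sample), "->", decode_challenge(sample))
        except ValueError as err:
            print(repr(sample), "-> rejected:", err)
```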