[NNTP] Comments on draft-...-authinfo-03

Ken Murchison ken at oceana.com
Fri Sep 17 10:52:54 PDT 2004 

Clive D.W. Feather wrote:

> Ken Murchison said:
> 
>>>I suggest that the text at the start of section 2 be called section 2.1.
>>>Title perhaps "General concepts".
>>
>>Where exactly are you suggesting a split?  Are you saying that 
>>everything before the current 2.1 should be 2.1 and there would be no 
>>text directly under 2.?
> 
> 
> That's right.

OK.  After thinking about this, I'm going to split all of that text into 
something like "AUTHINFO Capability" and "AUTHINFO Behavior" sections.


>>>Section 2.2.2 para 4: delete the stuff after ("="). Or replace the entire
>>>sentence with:
>>>
>>>    A server challenge that has zero length MUST be sent as a single
>>>    equals sign ("=") and not omitted.
>>
>>What is the problem with the existing text?
> 
> 
> I felt it had the wrong emphasis, though on re-reading it I'm less bothered
> than I was.
> 
> Note the next paragraph: it also talks about encoding zero length strings
> as = signs, but without attempting to justify why. In fact, we could send
> it as a blank line in this case - I'm not suggesting this, just noting it
> would be technically possible.

This is what I originally had (same as SMTP and POP3), but someone 
didn't like this (don't recall who), so I changed it to be the same as 
an empty initial response and empty server challenge.  If someone can 
provide me with some text that gives me a reason why we're using "=", 
I'll add it.  Or if we just want to use a blank line, I'm fine with that 
too.


> 
> 
>>The only reason we are 
>>requiring "=" at all in this case *is* to distinguish any empty 
>>challenge from any trailing junk.  All of the other messaging protocols 
>>simply allow an empty string (no "=") because they don't allow trailing 
>>junk.
> 
> 
> I think this is it. You are looking at it from an SASL point of view: NNTP
> wants to do something odd because of an NNTP feature. I'm looking at it
> from an NNTP point of view: there's no such thing as an optional argument
> in a response, so we need to encode zero-length strings.
> 
> [What happens in SMTP and POP3? I thought these allowed text after the
> response code.]

I'd have to read the RFCs again to see if its allowed in general 
commands, but its definitely not allowed for the AUTH commands.


>>How about this:
>>
>>"In NNTP, a server challenge that contains no data is
>>equivalent to a zero length challenge and is encoded as a single
>>equals sign ("=")."
> 
> 
> Fine. [Are there protocols where the two are different? If so, how do they
> handle this?]

Not that I know of.  I believe the SASL RFC uses the phrase "challenge 
that contains no data" and most of the profile docs (including NNTP 
AUTH) use "zero length challenge", so I'm just making sure that people 
know wthat they are equivalent.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

More information about the ietf-nntp mailing list