[NNTP] Comments on draft-...-authinfo-03
Russ Allbery
rra at stanford.edu
Sun Sep 26 16:04:30 PDT 2004
Clive D W Feather <clive at demon.net> writes:
> Ken Murchison said:
>> I suppose a reference to this text wouldn't hurt however.
> I'd be happy with:
> In agreement with [SASL], after a security layer is established
> the server MUST continue to advertise the AUTHINFO capability with
> the same arguments as before authentication.
This sounds like the best fix to me as well.
>>> Question to the group: would it be worth adding a flag to show that
>>> authentication is no longer possible? Something like:
>>>
>>> AUTHINFO - USER SASL:EXTERNAL
>>
>> Or we could just ignore a SHOULD in RFC 2222bis and not display the
>> AUTHINFO capability at all after authentication. But I don't think
>> this is a good idea.
> I'm happy to show the information, though I think it's better being
> flagged (so that a naive client [author] doesn't think that AUTHINFO is
> valid at this point).
I'd rather not add more complexity to the syntax right now. I know it's a
little bit confusing, but I think it's best to leave it as currently
presented rather than adding a separate flag with a syntax that isn't
really related to the rest of the protocol.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list