[NNTP] draft-ietf-nntpext-tls-nntp-02.txt
Clive D.W. Feather
clive at demon.net
Tue Sep 28 05:49:24 PDT 2004
Russ Allbery said:
>> 3.2.1 para 2: in option (1), rather than dropping the connection
>> immediately it should use the 400 generic response code.
> No, because at the successful conclusion of the command, it's the client's
> turn, at least as we've currently laid out the specification.
Yes, but (a) see below and (b) the server can respond with a 400 to the
*next* command.
>> However, it appears from discussions back in March that this situation
>> can never happen because it's the server which decides what offer in the
>> first place. So all this text can be deleted.
> This also sounds correct to me, and deleting text is even better.
Which makes it moot.
>> Also back in March, I wrote:
>> | However, I'm a little bothered by the asymmetry between TLS failure,
>> | where the *server* moves next (issuing a response code), and success,
>> | where the *client* moves next (issuing a command). If this isn't cast
>> | in stone, then I would strongly suggest making it always the
>> | server. This has an additional benefit: you can specify that, after
>> | TLS negotiation ends successfully, both sides return to the NNTP
>> | initial connection state with the server issuing an initial
>> | greeting. I suspect this will make things easier for client design.
>> 3.2.2 first para: will it be clear from the TLS negotiation whether it
>> succeeded or failed?
> Yes.
Okay.
>> Note that this would be a good place for the 400 I mention above.
> I don't see how. 580 doesn't mean that the connection is closing, whereas
> 400 does, does it not?
That's the point. The server then has a choice, something like this:
If the TLS handshake fails in such a way that it is possible to
recover the underlying NNTP session, the server will send a
response (without encryption), beginning with the first post-
handshake octet. If the server is willing to continue the connection
the response code 580 MUST be used; if not, the response code 400
MUST be used and the server MUST then close the connection.
So we get four cases:
* succeeded: no response, client's turn
* failed, session recovered, server will continue -> 580 response
* failed, session recovered, server will not continue -> 400 response
* failed, session can't be recovered, close connection (?)
> The other minor wording changes look good to me. Does everyone think that
> with the above issues resolved, we're ready to go to last call on this
> document?
Yes.
--
Clive D.W. Feather | Work: <clive at demon.net> | Tel: +44 20 8495 6138
Internet Expert | Home: <clive at davros.org> | Fax: +44 870 051 9937
Demon Internet | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc | |
More information about the ietf-nntp
mailing list