[NNTP] AUTHINFO and STARTTLS interaction
Ken Murchison
ken at oceana.com
Wed Sep 29 07:16:07 PDT 2004
Contrary to what I may have said previously, I don't think we *have* to
prevent STARTTLS from being used after AUTHINFO. As long as we specify
in which order the layers are applied (per Section 4, req. 7 of RFC
2222bis), I think we are free to allow STARTTLS before or after
AUTHINFO. I believe that this is something that was discussed in the
past and there was support for it. Do we want to revisit this, or just
continue to disallow STARTTLS after AUTHINFO? Since I'm not a security
expert, I don't know what, if any, flags this might raise.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list