[NNTP] AUTHINFO and STARTTLS interaction
Russ Allbery
rra at stanford.edu
Wed Sep 29 12:28:21 PDT 2004
Ken Murchison <ken at oceana.com> writes:
> Would removing this restriction make people happier with the language in
> the draft and possible implementation choices? I know some people
> didn't want to have to negotiate TLS at the start of a session just
> because one of many groups might require it. Note that there still
> isn't any way to disable TLS once negotiated (other than re-negotiating
> down to the NULL cipher).
Honestly, I don't think it's going to make a whole lot of difference. I
wouldn't spend a lot of time on this; I think it's more important to wrap
things up than to get this exactly right.
> I can ask some SASL/IMAP/POP3/SMTP people.
If it's a slam dunk, let's go ahead and change the wording, but if people
aren't sure, I'd tend to just stick with what we have so that we can get
something out the door.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list