[NNTP] draft-ietf-nntpext-tls-nntp-02.txt

Jeffrey M. Vinocur jeff at litech.org
Wed Sep 29 19:28:48 PDT 2004


On Sep 29, 2004, at 2:59 PM, Russ Allbery wrote:

> Ken Murchison <ken at oceana.com> writes:
>
>> Note that the option of closing the connection is something that is not
>> present in RFC 3207 (on which most of this text is based).  It was added
>> by Jeff because he felt that servers may not want to have clients beating
>> on them after a failed TLS.  I never really liked this text and would
>> prefer to just stick with the original RFC 3207 text (just issue 483
>> responses to subsequent commands).  Doesn't the base doc already allow
>> servers to unilaterally terminate the connection and address how to do
>> this?  If so, do we need to address this in the STARTTLS doc?
>
> I'm pretty sure unilateral termination is already allowed, and in any
> event it can happen whether allowed or not so clients have to cope with
> it.  I don't have a problem with sticking to the original text here.
> Jeff, do you still think this is needed?

[ I'm scrambling to keep up with all this traffic. Trying to follow. ]

IIRC, this was because any case where the server can unilaterally close 
the connection makes me worried about a naive client inadvertently 
DOS'ing the server.

I mean, if the client author isn't prepared for a unilateral 
termination to be purposeful (rather than a network glitch dropping the 
connection), the client software might immediately reconnect and repeat 
the same sequence of commands, causing the server to unilaterally 
terminate again, and so on, indefinitely.

This concern seems very real to me, but I could certainly be convinced 
if people disagree.

And if it's a real concern, I'm not necessarily sure this is the best 
text to handle it either.

Regardless, I do feel like we're being misleading to client authors if the 
spec says only "the server will reject all further commands" when in 
practice servers are quite likely to close the connection, even if 
somewhere in a different document we warn them that the server can 
close the connection at any time.


-- 
Jeffrey M. Vinocur
jeff at litech.org
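
The reconnect loop described in this message, seen from the client side, as an added example that is not part of the original post or of any NNTP client: a reconnect policy that treats a close after failed TLS negotiation (or a 483 reply) as a deliberate refusal, backs off, and stops after repeated refusals. All names, the backoff parameters and the three-refusal limit are assumptions of this example.

```python
import random

# Outcome labels (names are this example's own, not from any NNTP library).
OK, NET_DROP, REFUSED = "ok", "net_drop", "refused"

def classify(tls_failed, last_reply, closed_by_peer):
    """Label how a session ended, from what the client observed."""
    if last_reply.startswith("483") or (tls_failed and closed_by_peer):
        return REFUSED      # server verdict: replaying the same commands won't help
    if closed_by_peer:
        return NET_DROP     # no verdict seen; may be a glitch, retry with backoff
    return OK

class ReconnectPolicy:
    """Return the wait before the next connection attempt, or None to stop."""

    def __init__(self, base=2.0, cap=900.0, max_refusals=3, rng=random.random):
        self.base, self.cap, self.max_refusals, self.rng = base, cap, max_refusals, rng
        self.failures = 0   # consecutive failed sessions of any kind
        self.refusals = 0   # consecutive sessions the server refused

    def next_delay(self, outcome):
        if outcome == OK:
            self.failures = self.refusals = 0
            return 0.0
        self.failures += 1
        if outcome == REFUSED:
            self.refusals += 1
            if self.refusals >= self.max_refusals:
                return None  # stop and surface the error to the operator
        else:
            self.refusals = 0
        ceiling = min(self.cap, self.base * 2 ** (self.failures - 1))
        # Jitter in [ceiling/2, ceiling] so many clients don't retry in lockstep.
        return ceiling * (0.5 + 0.5 * self.rng())

if __name__ == "__main__":
    # Constructed session endings: a server that closes after every failed TLS.
    policy = ReconnectPolicy()
    for attempt in range(1, 5):
        outcome = classify(tls_failed=True, last_reply="", closed_by_peer=True)
        print(attempt, outcome, policy.next_delay(outcome))
```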



