[NNTP] draft-ietf-nntpext-authinfo-04
Russ Allbery
rra at stanford.edu
Wed Sep 29 19:44:29 PDT 2004
Jeffrey M Vinocur <jeff at litech.org> writes:
> On Sep 29, 2004, at 3:19 PM, Ken Murchison wrote:
>> I'll note that continuing to advertise AUTHINFO SASL: is only required
>> id a security layer is in place. Any thoughts on whether we should
>> continue to advertise AUTHINFO USER in this case? (For the record, I
>> don't see the point).
> One quick question -- are there any standalone encryption-via-SASL
> utilities, along the lines of stunnel for TLS?
There is something that comes with Cyrus that I think can do SASL
authentication and possibly also negotiate a privacy layer, but I believe
that it works similar to telnet in that you can escape out and tell it to
start at any point. I've not used it personally, though.
> (If so, I can contrive a case where somebody might want to use AUTHINFO
> USER after a SASL security layer is established. For practical
> purposes, I think we can probably ignore this case.)
Yeah, I think so, since they really should have just used SASL
authentication at that point, plus that would constitute
re-authentication, which I believe we decided to punt on.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list