[NNTP] draft-ietf-nntpext-authinfo-04

Ken Murchison ken at oceana.com
Wed Sep 29 20:11:31 PDT 2004


Russ Allbery wrote:
> Jeffrey M Vinocur <jeff at litech.org> writes:
> 
>>On Sep 29, 2004, at 3:19 PM, Ken Murchison wrote:
> 
> 
>>>I'll note that continuing to advertise AUTHINFO SASL: is only required
>>>if a security layer is in place.  Any thoughts on whether we should
>>>continue to advertise AUTHINFO USER in this case?  (For the record, I
>>>don't see the point).
> 
> 
>>One quick question -- are there any standalone encryption-via-SASL
>>utilities, along the lines of stunnel for TLS?
> 
> 
> There is something that comes with Cyrus that I think can do SASL
> authentication and possibly also negotiate a privacy layer, but I believe
> that it works similar to telnet in that you can escape out and tell it to
> start at any point.  I've not used it personally, though.

Yes, Cyrus has an imtest utility which speaks all message protocols and 
can handle both SASL and TLS.  The authentication piece is automatic 
other than asking for a password and you can't force it to do another 
authentication unless you do it by hand.

> 
>>(If so, I can contrive a case where somebody might want to use AUTHINFO
>>USER after a SASL security layer is established.  For practical
>>purposes, I think we can probably ignore this case.)

I don't understand how this would be useful other than trying to 
reauthenticate.

> 
> Yeah, I think so, since they really should have just used SASL
> authentication at that point, plus that would constitute
> re-authentication, which I believe we decided to punt on.

Are you under the assumption that you can get a SASL security layer 
*without* also authenticating?  That's certainly *not* the case.  A SASL 
exchange *always* performs an authentication and in the process 
optionally negotiates an integrity and/or privacy layer.  You can *not* 
get either of the latter without the former.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp


