[NNTP] draft-ietf-nntpext-authinfo-04
Ken Murchison
ken at oceana.com
Wed Sep 29 20:11:31 PDT 2004
Russ Allbery wrote:
> Jeffrey M Vinocur <jeff at litech.org> writes:
>
>>On Sep 29, 2004, at 3:19 PM, Ken Murchison wrote:
>
>
>>>I'll note that continuing to advertise AUTHINFO SASL: is only required
>>>if a security layer is in place. Any thoughts on whether we should
>>>continue to advertise AUTHINFO USER in this case? (For the record, I
>>>don't see the point).
>
>
>>One quick question -- are there any standalone encryption-via-SASL
>>utilities, along the lines of stunnel for TLS?
>
>
> There is something that comes with Cyrus that I think can do SASL
> authentication and possibly also negotiate a privacy layer, but I believe
> that it works similar to telnet in that you can escape out and tell it to
> start at any point. I've not used it personally, though.
Yes, Cyrus has an imtest utility which speaks all messaging protocols and
can handle both SASL and TLS. The authentication piece is automatic
other than asking for a password and you can't force it to do another
authentication unless you do it by hand.
>
>>(If so, I can contrive a case where somebody might want to use AUTHINFO
>>USER after a SASL security layer is established. For practical
>>purposes, I think we can probably ignore this case.)
I don't understand how this would be useful other than trying to
reauthenticate.
>
> Yeah, I think so, since they really should have just used SASL
> authentication at that point, plus that would constitute
> re-authentication, which I believe we decided to punt on.
Are you under the assumption that you can get a SASL security layer
*without* also authenticating? That's certainly *not* the case. A SASL
exchange *always* performs an authentication and in the process
optionally negotiates an integrity and/or privacy layer. You can *not*
get either of the latter without the former.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp