[NNTP] Re: AUTHINFO and STARTTLS interaction
Clive D.W. Feather
clive at demon.net
Wed Sep 29 22:56:43 PDT 2004
Ken Murchison said:
> Contrary to what I may have said previously, I don't think we *have* to
> prevent STARTTLS from being used after AUTHINFO. As long as we specify
> in which order the layers are applied (per Section 4, req. 7 of RFC
> 2222bis), I think we are free to allow STARTTLS before or after
> AUTHINFO. I believe that this is something that was discussed in the
> past and there was support for it. Do we want to revisit this, or just
> continue to disallow STARTTLS after AUTHINFO?
I'd prefer not to have the restriction; IMO it's better for the documents
to be decoupled as far as possible.
> Since I'm not a security
> expert, I don't know what, if any, flags this might raise.
Nor I.
--
Clive D.W. Feather | Work: <clive at demon.net> | Tel: +44 20 8495 6138
Internet Expert | Home: <clive at davros.org> | Fax: +44 870 051 9937
Demon Internet | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc | |
More information about the ietf-nntp
mailing list