[NNTP] Extension snapshots 3
Clive D.W. Feather
clive at demon.net
Tue Feb 8 06:28:47 PST 2005
Ken Murchison said:
>> Your various CAPABILITIES examples need to be audited against the
>> latest [NNTP], to ensure that, for example, they have the correct LIST
>> arguments based on the other capabilities.
> Added LIST OVERVIEW.FMT to STARTTLS draft and LIST HEADERS to STREAMING
> draft. Did you see anything else missing?
I didn't do a full audit, just noted the point. Sorry.
>> STREAMING
>>
>> 2.3.2: the last sentence contradicts the first. Since the first sentence
>> says it MUST support MODE STREAM if streaming works, the SHOULD in the last
>> sentence makes no sense. Just delete the last sentence.
>
> OK, I see your point. What I'm trying to say is that MODE STREAM isn't
> required (because its deprecated by CAPABILITIES), but if supported, it
> returns 203.
Isn't it easier just to require it? What's the benefit in allowing it to be
not provided?
>> 2.1. The sentence "However, ..." needs adjusting. Try:
>>
>> However, the capability MUST NOT be advertised once a TLS layer
>> is active (see section 2.2.2.2), or after any alternative mechanism
>> that installs a security layer (e.g. [NNTP-AUTH]).
>>
>> Note the change to MUST NOT. The second bit is because, in principle,
>> STARTTLS after a USER authentication, or an SASL authentication that
>> does *not* set up a security layer, should be fine.
>
> Not true. Successful STARTTLS resets the state of the connection, so we
> don't allow STARTTLS after *any* authentication.
Good point.
> Here's the current
> sentence:
>
> "However, this capability MUST NOT be advertised once a TLS layer is
> active (see section 2.2.2.2), or after successful authentication
> [NNTP-AUTH]."
Okay.
--
Clive D.W. Feather | Work: <clive at demon.net> | Tel: +44 20 8495 6138
Internet Expert | Home: <clive at davros.org> | Fax: +44 870 051 9937
Demon Internet | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc | |
More information about the ietf-nntp
mailing list