[NNTP] Extension snapshots 2
Ken Murchison
ken at oceana.com
Tue Jan 4 10:09:21 PST 2005
Russ Allbery wrote:
> Ken Murchison <ken at oceana.com> writes:
>
>
>>So, do you want to prohibit this unilaterally, e.g.:
>
>
>>"Servers MUST NOT allow the use of MODE READER after successful
>>authentication."
>
>
>>Or only prohibit it on mode-switching servers, e.g.:
>
>
>>"Mode-switching servers MUST NOT allow the use of MODE READER after
>>successful authentication."
>
>
> Can we turn this around and say instead that the client MUST NOT send it
> after successful authentication? Then there's no pressing need to say
> what the server has to do.
But only the server knows if its truely mode-switching (in lieu of a
MODE READER capability -- which only VERSION 2 capable clients will know
about) and the client may always send MODE READER just to cover its ass.
I'm worried about breaking existing clients (e.g. Pine) which have found
a sequence of commands which work on almost all servers (mode-switching
INN being the notable exception).
And if we do make a note regarding the use of MODE READER after
authentication, do we do so only in the context of mode-switching, or
unilaterally?
Ideally, a mode-switching server would discontinue advertising the MODE
READER capability after TLS and/or authentication.
And perhaps we dance around this issue a little and say something like
this in the base doc:
"If a client intends to use the MODE READER command, it SHOULD issue
this command before any security or privacy commands are issued."
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list