[NNTP] Extension snapshots 2
Russ Allbery
rra at stanford.edu
Tue Jan 4 10:47:01 PST 2005
Ken Murchison <ken at oceana.com> writes:
> OK, so should I state in AUTHINFO/STARTTLS that the MODE_READER
> capability (is this what we're calling it?) SHOULD (MUST?) NOT be
> advertised after successful authentication/TLS negotiation?
MUST NOT. Yes.
> As an alternative (or in addition to the above) should I state in
> AUTHINFO/STARTTLS that client MUST NOT issue MODE READER after
> successful authentication/TLS negotiation?
I think we can say both -- the latter is still useful when dealing with
servers that don't have capabilities.
> Since the above text would go into the base doc and the issue of
> capabilities being added/removed as a result of other commands is also
> addressed in the base doc, I'm wondering what kind of text you want to
> see in the AUTHINFO and STARTTLS docs. It seems to me that most, if not
> all, of the MODE READER issue can be addressed in the base doc, thus
> eliminating duplicate text in AUTHINFO, STARTTLS and any other
> security/privacy extensions down the road.
Yeah, that would work. I don't know if there's merit in just restating
the point briefly in a sentence or two, just to make sure that
implementors don't miss it by not reading the generic section of the base
document.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list