[NNTP] Extension snapshots 2

Russ Allbery rra at stanford.edu
Tue Jan 4 11:42:53 PST 2005 

Ken Murchison <ken at oceana.com> writes:

> OK, here's the current AUTHINFO passages w.r.t. MODE READER.  Comments? 
> I'll make similar changes to STARTTLS once we can agree on some text.

> Section 2.1 ("Advertising the AUTHINFO Extension")

> "A server MUST implement at least one of the AUTHINFO USER or AUTHINFO
> SASL commands in order to advertise the AUTHINFO capability in the
> response to the CAPABILITIES command.  However, this capability is not
> advertised after successful authentication (see section 2.2).  This
> capability MAY be advertised both before and after any use of MODE
> READER, with the same semantics."

I don't think this requires any changes.

> Section 2.2 ("Authenticating with the AUTHINFO Extension")

> "After a successful authentication, the client MUST NOT issue another
> AUTHINFO command or a MODE READER command in the same session.  A server
> MUST NOT return the AUTHINFO or MODE_READER capabilities in response to
> a CAPABILITIES command and a server MUST reject any subsequent AUTHINFO
> or MODE READER commands with a 502 response.  In agreement with [SASL],
> if a security layer is established as part of the authentication, the
> server MUST continue to advertise the SASL capability in response to a
> CAPABILITIES command with the same list of SASL mechanisms as before
> authentication (thereby enabling the client to detect a possible active
> down-negotiation attack)."

I would leave MODE READER out of the server MUST reject part, to leave the
door open for non-mode-switching servers that want to just always return
200 to MODE READER all the time.  I guess that's what you were driving at
with your original question.  I do agree that the MODE_READER capability
MUST NOT be advertised (since that invites clients to use it), and the
client language looks right to me.

> Section 2.4 ("AUTHINFO SASL Command")

> "When a security layer takes effect, the NNTP protocol is reset to the
> state immediately after the most recent MODE READER response (see 5.3 or
> [NNTP]) or initial greeting response (see 5.1 of [NNTP]) has been sent.

This sounds a little odd to me, since it sort of implies that MODE READER
creates a state "checkpoint" that you then revert back to.  It's partly
taken care of by the next sentence:

> The server MUST discard any knowledge obtained from the client, such as
> the current newsgroup and article number, that was not obtained from the
> SASL negotiation itself.

but it still leaves me feeling a bit uncomfortable.

I wonder if we can avoid that by being more explicit, saying something
like:

   When a security layer takes effect, the NNTP protocol is reset to the
   state immediately after the initial greeting response (see 5.1 of
   [NNTP]) has been sent, with the exception that if a MODE READER command
   has been issued, the effects of it (if any) are not reversed.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the ietf-nntp mailing list