[NNTP] Snapshot 6
Peter Robinson
pmrobinson at gmx.net
Sun Jan 9 13:59:09 PST 2005
Ken Murchison <ken at oceana.com> wrote:
> 3.3.3:
>
> If my server supports AUTHINFO, how do I advertise that
> AUTHINFO USER and AUTHINFO SASL PLAIN require TLS, but all other SASL
> mechanisms can be used without TLS?
>
> We can't/shouldn't have the same capability advertised twice, e.g.:
>
> -483 AUTHINFO USER
> AUTHINFO SASL
> -483 SASL PLAIN
> SASL CRAM-MD5 DIGEST-MD5
Hmm. It's true that 5.2 CAPABILITIES currently says
| The server MUST NOT list the same capability twice in the response.
but it violates that in its own examples by listing READER twice:
| [C] CAPABILITIES
| [S] 101 Capability list:
| [S] VERSION 2
| [S] READER
| [S] -480 READER POST
| [S] LIST ACTIVE NEWSGROUPS
| [S] AUTHINFO SASL
| [S] SASL GSSAPI
| [S] .
First of all, that's one good argument for having POST as a separate
capability in its own right, but IMHO it would still be good to allow
this kind of functionality in the spec. Can we relax the restriction on
having repeated capabilities to allow multiple copies as long as they
all have different modifiers and/or arguments? Can it be defined
unambiguously?
> Do we allow modifiers to be interspersed in arguments, e.g.:
>
> AUTHINFO SASL -483 USER
> SASL CRAM-MD5 DIGEST-MD5 -483 PLAIN
That's another way, though I think I'd prefer doing it with repeated
capability lines.
[snip]
Peter
More information about the ietf-nntp
mailing list