[NNTP] Extension snapshots 2
Peter Robinson
pmrobinson at gmx.net
Sun Jan 9 13:59:38 PST 2005
Clive D.W. Feather <clive at demon.net> wrote:
> Ken Murchison said:
> > In
> > agreement with [SASL], if a security layer is established as part of
> > the authentication, the server MUST continue to advertise the SASL
> > capability in response to a CAPABILITIES command with the same list of
> > SASL mechanisms as before authentication (thereby enabling the client
> > to detect a possible active down-negotiation attack)."
>
> Can we drop the condition, and just have the SASL capability be advertised
> throughout the session?
Surely this is exactly the kind of situation that the -- capability
modifier is useful for.
>From pre-6 3.3.3 Capability modifiers:
| --
| the capability cannot be re-enabled in this session
Peter
More information about the ietf-nntp
mailing list