[NNTP] Snapshot 6

Ken Murchison ken at oceana.com
Tue Jan 11 09:35:58 PST 2005


Clive D.W. Feather wrote:

> Ken Murchison said:
> 
>>Granted, in this case a -483 isn't necessary to tell the client that it 
>>needs TLS before AUTHINFO USER or AUTHINFO SASL PLAIN, since it can 
>>infer this by the presence of STARTTLS and the absence of AUTHINFO USER 
>>and SASL PLAIN.
> 
> 
> No, because:
> (a) the server might offer XENCRYPT rather than STARTLS;
> (b) even after a privacy layer is in effect, there's no requirement that
>     the server will offer AUTHINFO USER or SASL PLAIN.

Technically you're correct, but I find it highly unlikely that a server 
would advertise AUTHINFO and a security layer such as STARTTLS or 
XENCRYPT, but *not* implement AUTHINFO USER or SASL PLAIN under a 
security layer.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp



More information about the ietf-nntp mailing list