[NNTP] Snapshot 6
Ken Murchison
ken at oceana.com
Tue Jan 11 09:35:58 PST 2005
Clive D.W. Feather wrote:
> Ken Murchison said:
>
>>Granted, in this case a -483 isn't necessary to tell the client that it
>>needs TLS before AUTHINFO USER or AUTHINFO SASL PLAIN, since it can
>>infer this by the presence of STARTTLS and the absence of AUTHINFO USER
>>and SASL PLAIN.
>
>
> No, because:
> (a) the server might offer XENCRYPT rather than STARTLS;
> (b) even after a privacy layer is in effect, there's no requirement that
> the server will offer AUTHINFO USER or SASL PLAIN.
Technically you're correct, but I find it highly unlikely that a server
would advertise AUTHINFO and a security layer such as STARTTLS or
XENCRYPT, but *not* implement AUTHINFO USER or SASL PLAIN under a
security layer.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list