[NNTP] Extension snapshots 2
Russ Allbery
rra at stanford.edu
Tue Jan 11 15:22:15 PST 2005
Clive D W Feather <clive at demon.net> writes:
> True. All I'm asking is that the SASL capability remain advertised.
> How about:
> The server MUST advertise the SASL capability throughout the session,
> even if no longer advertising the AUTHINFO capability. It MUST NOT
> change the list of SASL mechanisms as an effect of the AUTHINFO
> command, even if this establishs a security layer. (As described by
> [SASL], this then enables the client to to detect a possible active
> down-negotiation attack.) It MAY change the list as an effect of
> other commands or extensions (e.g. [NNTP-TLS]).
This is fine with me.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list