[NNTP] Extension snapshots 2

Clive D.W. Feather clive at demon.net
Wed Jan 12 07:52:05 PST 2005


Ken Murchison said:
> "In agreement with [SASL], the server MUST continue to advertise the SASL
> capability in response to a CAPABILITIES command with the same list of
> SASL mechanisms as before authentication (thereby enabling the client
> to detect a possible active down-negotiation attack).  Other
> capabilities returned in response to a CAPABILITIES command received
> after authentication MAY be different than those returned before
> authentication.  For example, an NNTP server may not want to advertise
> support for a specific extension unless a client has been
> authenticated."

Works for me.

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | Fax:    +44 870 051 9937
Demon Internet      | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc            |                            |



More information about the ietf-nntp mailing list