[NNTP] Snapshot 6

Clive D.W. Feather clive at demon.net
Mon Jan 17 22:48:17 PST 2005 

Russ Allbery said:
>>> If this line isn't there and the server just says:
>>> 
>>>     AUTHINFO SASL
>>>     READER LISTGROUP
>>> 
>>> then the client doesn't know for certain that authentication *won't*
>>> help, since the server may just not be using modifiers.
> 
>> True. Which means the client has to fall back to "suck it and see"; the
>> whole point of capabilities was to get rid of that, surely?
> 
> My point is that you can't get rid of it completely, so I'm not sure how
> much getting rid of it in a few more cases really helps.

If we have a mechanism for making things clear to the client then,
hopefully, over time it will get used. Yes, there's a certain amount of
bootstrap problem (clients won't use it until servers do, and vice versa),
but that's the case with many new features.

> You still don't
> know whether you can post after authentication; you just know that you
> *might* be able to.

I don't think that's a fair comparison. The idea of

    -480 READER POST

is to say "you need to authenticate to post, you can't post without it". If
the client doesn't have good enough credentials, that's a different matter
entirely.

> How many cases are there where you can't actually
> post even after authentication but authentication is listed as a
> capability?  In my experience, that's an extremely unusual configuration.

How about a server carrying private read-only groups? Authenticating is
necessary to get at those groups, but that doesn't mean posting will be
available.

But, in any case, we should NOT be building such assumptions into a
specification, especially if they're not documented. You appear to be
saying (and please correct me if I'm wrong) that our document should
contain wording to the effect of:

    If the READER capability is advertised without POST, and the
    AUTHINFO capability or some other authentication capability is
    also advertised, then the client MAY assume that posting will become
    available after authentication.

Is that really something to build into the core protocol?

> I'm weighing that against the additional complexity, with questions like
> what it means when you're listing the same capability multiple times with
> different modifiers and the like.

I'm weighing against the hidden assumptions.

A capability line beginning "-480" basically means: "if you authenticate
yourself properly, this capability line will reappear with the -480
stripped (and, if relevant, merged with any other line with the same
label)". Ditto -483 and -label.

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | Fax:    +44 870 051 9937
Demon Internet      | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc            |                            |

More information about the ietf-nntp mailing list