[NNTP] TLS draft question

Russ Allbery rra at stanford.edu
Tue Jul 19 13:40:16 PDT 2005


Currently, the TLS draft says that STARTTLS may fail but the NNTP session
may continue.  A question has been raised as to whether this is possible
to do reliably, since if TLS has failed, the connection may be in an
indeterminate state.  Are there other STARTTLS specifications that allow
this case?  I don't remember off-hand if the TLS working group review
addressed this point in particular.

The alternative would be to simply require closing the connection if the
TLS negotiation fails, either on the server or the client end (rather than
only on the client end as is currently specified).

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
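
The concern raised in the message above, as an added example that is not part of the original post or of the draft: it runs the client half of a TLS handshake in memory and shows what is already on the wire when negotiation fails. The peer reply and the host name `news.example.org` are constructed for illustration.

```python
import ssl

# Constructed peer reply: instead of a ServerHello, the peer answers the
# ClientHello with an NNTP text line, as a server that gave up on TLS but
# kept the session open might.
BOGUS_REPLY = b"500 What?\r\n"


def looks_like_nntp_line(data: bytes) -> bool:
    """True if data is one CRLF-terminated line of printable ASCII."""
    body = data[:-2]
    return data.endswith(b"\r\n") and all(0x20 <= b < 0x7F for b in body)


def attempt_starttls(peer_reply: bytes) -> dict:
    """Run the client half of a TLS handshake in memory (no network)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # Hypothetical host name, used only for SNI in this sketch.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="news.example.org")

    try:
        tls.do_handshake()          # emits the ClientHello, then needs input
    except ssl.SSLWantReadError:
        pass
    wire = outgoing.read()          # bytes already sent on the NNTP channel

    incoming.write(peer_reply)
    failed = False
    try:
        tls.do_handshake()
    except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
        pass                        # handshake merely incomplete
    except ssl.SSLError:
        failed = True               # negotiation failed
    wire += outgoing.read()         # any alert written on failure

    # After a failure the stream holds TLS records, not NNTP lines; this
    # sketch takes the conservative option from the message and closes.
    return {"failed": failed, "wire": wire,
            "action": "close" if failed else "await-more-data"}


if __name__ == "__main__":
    result = attempt_starttls(BOGUS_REPLY)
    print(result["failed"], result["action"], result["wire"][:3].hex())
```

The bytes in `wire` are binary TLS records that an NNTP command parser on the other end would have to discard or misread before the session could resume.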


