[NNTP] TLS draft question

Eric Rescorla ekr at networkresonance.com
Tue Jul 19 15:50:27 PDT 2005


Ned Freed <ned.freed at mrochek.com> writes:

>> Russ Allbery wrote:
>
>> > Currently, the TLS draft says that STARTTLS may fail but the NNTP session
>> > may continue.  A question has been raised as to whether this is possible
>> > to do reliably, since if TLS has failed, the connection may be in an
>> > indeterminate state.
>
>> Both the client and server will know if the negotiation failed, so I
>> don't think its indeterminate.
>
>> > Are there other STARTTLS specifications that allow
>> > this case?  I don't remember off-hand if the TLS working group review
>> > addressed this point in particular.
>
>> Yes.  I believe that our text follows that of IMAP, POP3 and SMTP in
>> that the session may continue even if the TLS negotiation failed.
>
> That may be the theory, but it almost never works in practice, in my
> experience at least.

I think Ned's right here, if for no other reason than that SSL
implementations can buffer and so you've now got to figure out how to
unbuffer the data. Sorry for not catching that when I did my
review.

-Ekr
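As an added illustration of the point made in this thread (example code, not from the original message or from any NNTP implementation): a client-side STARTTLS step that treats a failed TLS handshake as fatal for the whole connection rather than dropping back to plaintext, since the TLS layer may already have read or buffered bytes the plaintext protocol would need. The 382/580 response codes, the hostname and the in-process mock peer are assumptions of this example; the mock answers the ClientHello with a plain-text line so the handshake fails offline.

```python
import socket
import ssl
import threading

# Added example (not part of the ietf-nntp thread): abort on STARTTLS failure.
# Assumed NNTP response codes: 382 = proceed with TLS, anything else = refused.


def _recv_line(sock):
    """Read one CRLF-terminated response line one byte at a time so that no
    bytes beyond the line are consumed from the plaintext stream."""
    buf = bytearray()
    while not buf.endswith(b"\r\n"):
        ch = sock.recv(1)
        if not ch:
            raise ConnectionError("peer closed before end of line")
        buf += ch
    return bytes(buf).decode("ascii", "replace").rstrip("\r\n")


def starttls_or_abort(sock, server_hostname, context=None):
    """Send STARTTLS and wrap `sock`.

    Returns ("tls", tls_sock) on success, ("refused", reply) if the server
    declines before any handshake (plaintext state is still well defined,
    so the caller may continue), or ("aborted", reason) if the handshake
    itself fails; in that last case the connection is closed and the caller
    must reconnect instead of reusing `sock`.
    """
    if context is None:
        context = ssl.create_default_context()
    sock.sendall(b"STARTTLS\r\n")
    reply = _recv_line(sock)
    if not reply.startswith("382"):
        return ("refused", reply)
    try:
        tls_sock = context.wrap_socket(sock, server_hostname=server_hostname)
    except (ssl.SSLError, OSError) as exc:
        # Once the handshake has started we cannot know which bytes the TLS
        # layer has consumed, so continuing in plaintext is unsafe.  The ssl
        # module has already detached and closed the fd; closing again is a
        # harmless, explicit statement of intent.
        sock.close()
        return ("aborted", f"{type(exc).__name__}: {exc}")
    return ("tls", tls_sock)


def mock_peer(sock, starttls_reply, handshake_reply):
    """Constructed peer for the demo: answers STARTTLS with `starttls_reply`
    and, if it said 382, swallows the ClientHello and sends `handshake_reply`
    (a non-TLS byte string) in place of a ServerHello."""
    with sock:
        data = b""
        while not data.endswith(b"\r\n"):
            chunk = sock.recv(64)
            if not chunk:
                return
            data += chunk
        sock.sendall(starttls_reply)
        if starttls_reply.startswith(b"382"):
            sock.recv(4096)  # the client's ClientHello
            if handshake_reply:
                sock.sendall(handshake_reply)


def demo(starttls_reply=b"382 Continue with TLS negotiation\r\n",
         handshake_reply=b"500 TLS not available\r\n"):
    """Run client and mock peer over a socketpair; returns
    (status, detail, client_fd_after) where fd == -1 means the client side
    was closed by the abort path."""
    client, server = socket.socketpair()
    t = threading.Thread(target=mock_peer,
                         args=(server, starttls_reply, handshake_reply),
                         daemon=True)
    t.start()
    client.settimeout(5)
    status, detail = starttls_or_abort(client, "news.example.invalid")
    t.join(5)
    fd_after = client.fileno()
    client.close()
    if status == "tls":
        detail.close()
    return status, detail, fd_after


if __name__ == "__main__":
    print(demo())                                      # aborted: handshake got a plaintext line
    print(demo(b"580 can not initiate TLS negotiation\r\n"))  # refused: socket still usable
```

Note that `_recv_line` deliberately reads a byte at a time: once the server has said 382, every byte after the CRLF belongs to the TLS handshake, and over-reading it into a protocol buffer would recreate exactly the unbuffering problem described above, just on the client side.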
