[NNTP] TLS draft question
Ken Murchison
ken at oceana.com
Tue Jul 19 21:48:37 PDT 2005
Eric Rescorla wrote:
> Ned Freed <ned.freed at mrochek.com> writes:
>
>
>>>Russ Allbery wrote:
>>
>>>>Currently, the TLS draft says that STARTTLS may fail but the NNTP session
>>>>may continue. A question has been raised as to whether this is possible
>>>>to do reliably, since if TLS has failed, the connection may be in an
>>>>indeterminate state.
>>
>>>Both the client and server will know if the negotiation failed, so I
>>>don't think it's indeterminate.
>>
>>>>Are there other STARTTLS specifications that allow
>>>>this case? I don't remember off-hand if the TLS working group review
>>>>addressed this point in particular.
>>
>>>Yes. I believe that our text follows that of IMAP, POP3 and SMTP in
>>>that the session may continue even if the TLS negotiation failed.
>>
>>That may be the theory, but it almost never works in practice, in my
>>experience at least.
>
>
> I think Ned's right here, if for no other reason than that SSL
> implementations can buffer and so you've now got to figure out how to
> unbuffer the data. Sorry for not catching that when I did my
> review.
No apologies necessary, but I'm looking for guidance. What you're both
describing seems to be an implementation problem, not a design flaw in
the protocol. What do you suggest we do with NNTP that would differ
from the other messaging protocols?
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
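The buffering point Ned and Eric raise, shown against Python's ssl module as an added example that is not part of this thread (the fake NNTP server, its reply codes and every message are constructed): once the STARTTLS handshake has failed, the client is not holding a plaintext socket with some unread bytes to recover, it is holding no usable socket at all, so "the session may continue" has nothing to continue on.

```python
import socket
import ssl
import threading

# Constructed stand-in for an NNTP server that accepts STARTTLS but whose TLS
# setup then fails: it answers the ClientHello in plaintext and keeps talking
# NNTP on the same connection, which is what the draft text would permit.
def fake_server(conn: socket.socket) -> None:
    conn.sendall(b"200 news.example.test ready (constructed)\r\n")
    conn.recv(1024)                                   # "STARTTLS\r\n"
    conn.sendall(b"382 Continue with TLS negotiation\r\n")
    conn.recv(65536)                                  # ClientHello, discarded
    conn.sendall(b"580 Can not initiate TLS negotiation\r\n"   # plaintext lines,
                 b"200 continuing without TLS\r\n")            # not a TLS record
    conn.close()

def readline(sock: socket.socket) -> bytes:
    """Read one CRLF-terminated line byte by byte so nothing beyond it is consumed."""
    line = b""
    while not line.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        line += chunk
    return line

def starttls_then_try_to_continue(sock: socket.socket) -> dict:
    readline(sock)                                    # greeting
    sock.sendall(b"STARTTLS\r\n")
    go_ahead = readline(sock)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE                   # only the failure path is exercised
    sock.settimeout(5)
    try:
        ctx.wrap_socket(sock)                         # handshake: reads the server's bytes
        handshake_failed = False
    except ssl.SSLError:
        handshake_failed = True
    # wrap_socket moved the fd into the SSLSocket and closed it when the handshake
    # failed; the caller holds a detached socket with nothing to "unbuffer" from.
    return {"go_ahead_code": go_ahead[:3],
            "handshake_failed": handshake_failed,
            "plain_socket_fd": sock.fileno()}         # -1: no connection left to continue on

def demo() -> dict:
    client, server = socket.socketpair()
    threading.Thread(target=fake_server, args=(server,), daemon=True).start()
    return starttls_then_try_to_continue(client)
```

Calling demo() runs the exchange over a local socket pair; the plaintext bytes the server sent after the failed handshake are exactly what a client would have to locate and unbuffer before it could "continue", and this implementation gives it no way to.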