[NNTP] TLS draft question

Russ Allbery rra at stanford.edu
Thu Jul 21 18:35:34 PDT 2005


Ken Murchison <ken at oceana.com> writes:
> Russ Allbery wrote:

>> Are there other STARTTLS specifications that allow this case?  I don't
>> remember off-hand if the TLS working group review addressed this point
>> in particular.

> Yes.  I believe that our text follows that of IMAP, POP3 and SMTP in
> that the session may continue even if the TLS negotiation failed.

I looked over RFC 2595 and didn't see any provision for a failed
negotiation one way or the other.  The only mention of a failure is
immediately in response to the command.

RFC 3207 talks about the client closing the connection (which we have) but
doesn't say anything else about failure.  The client closing the
connection is only a SHOULD, which implies that the connection could
continue, but then nothing is said about what happens then, whether
there's an error code, or the like.  I wouldn't be sure as an implementor
what to do if I didn't take the SHOULD option.

Given the subsequent discussion here, it sounds like it would be best to
just always close the connection on failure to negotiate TLS once the
negotiation has started.  I'm not sure that we buy anything by saying
anything else.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
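As an added illustration of the close-on-failure behaviour discussed above (this is example code, not part of the thread or of any NNTP implementation): a Python client that issues STARTTLS and, if the TLS handshake fails once negotiation has begun, drops the connection rather than continuing in plaintext. The server is a constructed stand-in that answers 382 and then keeps speaking plaintext; the greeting text and the 382 "continue with TLS negotiation" reply code are assumptions of the example.

```python
import socket
import ssl
import threading

# Constructed stand-in for an NNTP server that answers STARTTLS with the
# 382 "continue with TLS negotiation" reply but then keeps talking plaintext,
# so the client's TLS handshake cannot succeed.
def _broken_starttls_server(listener):
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"200 news.example.invalid NNTP service ready\r\n")
        if _readline(conn).upper() == b"STARTTLS":
            conn.sendall(b"382 Continue with TLS negotiation\r\n")
            conn.sendall(b"200 still plaintext, no TLS here\r\n")  # not a TLS record
        conn.recv(1)  # returns once the client sends ClientHello or hangs up

def _readline(sock):
    """Read one CRLF-terminated line a byte at a time so nothing past the
    reply is consumed before the TLS layer takes over the socket."""
    line = b""
    while not line.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        line += chunk
    return line.rstrip(b"\r\n")

def starttls_or_close(host, port):
    """Issue STARTTLS; return 'tls' on success or 'closed' when negotiation
    fails. On failure the connection is dropped, never continued in the clear."""
    sock = socket.create_connection((host, port), timeout=5)
    try:
        if not _readline(sock).startswith(b"200"):
            return "closed"
        sock.sendall(b"STARTTLS\r\n")
        if not _readline(sock).startswith(b"382"):
            return "refused"  # server declined before negotiation began
        ctx = ssl.create_default_context()
        try:
            tls = ctx.wrap_socket(sock, server_hostname=host)  # handshake runs here
        except OSError:  # ssl.SSLError, timeouts and resets all land here
            return "closed"
        tls.close()
        return "tls"
    finally:
        sock.close()

def run_demo():
    """Run the client against the constructed server; returns 'closed'."""
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=_broken_starttls_server, args=(listener,), daemon=True).start()
    try:
        return starttls_or_close("127.0.0.1", listener.getsockname()[1])
    finally:
        listener.close()
```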