[NNTP] STARTTLS -- port 563 language

Russ Allbery rra at stanford.edu
Tue Jun 7 17:27:04 PDT 2005


Jeffrey M Vinocur <jeff at litech.org> writes:

> I just noticed that I had an outstanding change lying around on disk.  I
> don't remember if I reworded this in response to a specific issue, or if
> it just struck me as a confusingly long and winding sentence.

> Does anyone remember and/or think the revised text is an improvement?

I think it's an improvement; I think it's worth saying explicitly that the
TLS negotiation starts immediately in that mode.

> -Although current use of TLS most often involves the dedication of port
> -563 for NNTP over TLS, the continued use of TLS on a separate port is
> -discouraged for the reasons documented in section 7 of "Using TLS with
> -IMAP, POP3 and ACAP" [TLS-IMAPPOP].
> +
> +In some existing implementations, TCP port 563 has been dedicated to
> +NNTP over TLS.  These implementations begin the TLS negotiation
> +immediately upon connection, and then continue with the initial steps of
> +an NNTP session.  This use of TLS on a separate port is discouraged for
> +the reasons documented in section 7 of "Using TLS with IMAP, POP3 and
> +ACAP" [TLS-IMAPPOP].  The STARTTLS command is the preferred way of using
> +TLS with NNTP.
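
Review bot: In the first added sentence, "In some existing implementations" replaces the removed text's "most often", which changes the claim about how common port 563 is; if that shift is not intended, keep the original statement of prevalence. In the second added sentence, "continue with the initial steps of an NNTP session" could name the step that follows the TLS negotiation, so the contrast with STARTTLS (a command issued after the session has begun) is explicit. The empty "+" line at the top of the hunk looks unintentional.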

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
