[NNTP] STARTTLS and authentication
Ken Murchison
ken at oceana.com
Mon Jun 13 13:26:17 PDT 2005
Russ Allbery wrote:

> We should require AUTHINFO SASL EXTERNAL, just because I don't want to try
> to figure out what the problems with not requiring it might be. :)

OK, I've replaced the paragraph in 2.2.2 which begins with "Generally
and NNTP server ..." with this:

"The server remains in the non-authenticated state, even if client
credentials are supplied during the TLS negotiation. The AUTHINFO
SASL command [NNTP-AUTH] with the EXTERNAL mechanism [SASL] MAY be
used to authenticate once TLS client credentials are successfully
exchanged, but servers supporting the STARTTLS command are not
required to support AUTHINFO in general or that mechanism in
particular. The server MAY use information from the client
certificate for identification of connections or posted articles
(either in its logs or directly in posted articles)."

Does this work? If so, then we're just waiting for some feedback from Eric.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
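
Added example (not part of the message above, the draft, or any NNTP server's code): a small Python model of the session state the proposed paragraph describes, where a client certificate presented during TLS changes nothing until AUTHINFO SASL EXTERNAL is issued. The Session class, its hook and policy flags are hypothetical; response codes are those of RFC 4642 and RFC 4643, the published forms of these drafts.

```python
# Added illustration; class, method and policy names are assumptions.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Session:
    external_enabled: bool = True           # policy: EXTERNAL is optional for the server
    require_auth_to_post: bool = True       # assumed policy for this sketch
    tls_active: bool = False
    cert_subject: Optional[str] = None      # from a verified client certificate
    authenticated_as: Optional[str] = None  # set only by AUTHINFO

    def tls_established(self, cert_subject: Optional[str] = None) -> None:
        """Hypothetical hook called by the TLS layer once the handshake ends."""
        self.tls_active = True
        self.cert_subject = cert_subject
        # authenticated_as is deliberately untouched: a client certificate
        # alone leaves the session in the non-authenticated state.

    def log_identity(self) -> str:
        """Certificate data MAY still label the connection in logs."""
        return self.authenticated_as or f"unauthenticated(cert={self.cert_subject})"

    def handle(self, line: str) -> str:
        words = line.split()
        cmd = [w.upper() for w in words[:3]]
        if cmd == ["STARTTLS"]:
            return "502 TLS already active" if self.tls_active else "382 Continue with TLS negotiation"
        if cmd[:2] == ["AUTHINFO", "SASL"]:
            if self.authenticated_as:
                return "502 Already authenticated"
            if cmd[2:] != ["EXTERNAL"] or not self.external_enabled:
                return "503 Mechanism not recognized"
            # Only the "=" (empty) initial response is modelled: the identity
            # is taken from the certificate. Anything else is rejected here.
            if not (self.tls_active and self.cert_subject) or words[3:] != ["="]:
                return "481 Authentication failed"
            self.authenticated_as = self.cert_subject
            return "281 Authentication accepted"
        if cmd == ["POST"]:
            if self.require_auth_to_post and not self.authenticated_as:
                return "480 Authentication required"
            return "340 Send article to be posted"
        return "500 Unknown command"
```
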