[NNTP] STARTTLS and authentication

Ken Murchison ken at oceana.com
Mon Jun 13 13:26:17 PDT 2005


Russ Allbery wrote:

> We should require AUTHINFO SASL EXTERNAL, just because I don't want to try
> to figure out what the problems with not requiring it might be.  :)

OK, I've replaced the paragraph in 2.2.2 which begins with "Generally
an NNTP server ..." with this:

"The server remains in the non-authenticated state, even if client
credentials are supplied during the TLS negotiation.  The AUTHINFO
SASL command [NNTP-AUTH] with the EXTERNAL mechanism [SASL] MAY be
used to authenticate once TLS client credentials are successfully
exchanged, but servers supporting the STARTTLS command are not
required to support AUTHINFO in general or that mechanism in
particular.  The server MAY use information from the client
certificate for identification of connections or posted articles
(either in its logs or directly in posted articles)."

Does this work?  If so, then we're just waiting for some feedback from Eric.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
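
The session rule in the proposed paragraph, as an added example that is not part of the original message or of the draft: a minimal Python model in which TLS client credentials alone never change the authentication state. The class and method names are hypothetical, the response codes are taken from the later published NNTP TLS and AUTHINFO specifications (RFC 4642 and RFC 4643) rather than from this post, and the SASL exchange is reduced to a single step.

```python
# Added illustration of the proposed 2.2.2 wording. Names are hypothetical;
# response codes are an assumption taken from RFC 4642 / RFC 4643.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    supports_sasl_external: bool = True        # optional per the proposed text
    tls_active: bool = False
    client_cert_subject: Optional[str] = None  # learned during TLS negotiation
    authenticated_as: Optional[str] = None     # set only by AUTHINFO SASL

    def starttls(self, client_cert_subject: Optional[str] = None) -> str:
        """Model STARTTLS plus the TLS negotiation that follows it."""
        if self.tls_active:
            return "502 Command unavailable"
        self.tls_active = True
        # The certificate is recorded, but the session stays non-authenticated.
        self.client_cert_subject = client_cert_subject
        return "382 Continue with TLS negotiation"

    def authinfo_sasl(self, mechanism: str) -> str:
        """Model AUTHINFO SASL; only EXTERNAL is considered here."""
        if self.authenticated_as is not None:
            return "502 Command unavailable"
        if mechanism.upper() != "EXTERNAL" or not self.supports_sasl_external:
            return "503 Mechanism not recognized"
        if not (self.tls_active and self.client_cert_subject):
            return "481 Authentication failed"
        self.authenticated_as = self.client_cert_subject
        return "281 Authentication accepted"

    def may_post_as_user(self) -> bool:
        # Authorization depends on the authenticated state, never on the
        # mere presence of a client certificate.
        return self.authenticated_as is not None

    def log_identity(self) -> str:
        # The server MAY still use certificate data for identification in logs.
        if self.authenticated_as is not None:
            return self.authenticated_as
        return f"unauthenticated(cert={self.client_cert_subject})"
```
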
