[NNTP] NNTP Extensions drafts

Russ Allbery rra at stanford.edu
Sun May 22 14:12:29 PDT 2005 

Ken Murchison <ken at oceana.com> writes:

> Please accept the following updated drafts:

> ftp://ftp.oceana.com/pub/drafts/draft-ietf-nntpext-authinfo-08.txt
> ftp://ftp.oceana.com/pub/drafts/draft-ietf-nntpext-streaming-05.txt
> ftp://ftp.oceana.com/pub/drafts/draft-ietf-nntpext-tls-nntp-06.txt

draft-ietf-sasl-saslprep-* has been published as RFC 4013.  Could you
update the reference in the authinfo draft accordingly?

The I-D checklist asks that the Abstract not have any references that
aren't fully explained.  The authinfo and streaming drafts have references
to [NNTP-COMMON].  Could you reword the Abstract to clearly indicate that
this is RFC 2980?

One route may be to drop the references entirely from the Abstract.  For
example, you could use these Abstracts (which are what I'm submitting for
the protocol writeup).

authinfo:

   This document defines an extension the Network News Transport Protocol
   (NNTP) which allows a client to indicate an authentication mechanism to
   the server, perform an authentication protocol exchange, and optionally
   negotiate a security layer for subsequent protocol interactions during
   the remainder of an NNTP session.

   This document updates and formalizes the AUTHINFO USER/PASS
   authentication method specified in RFC 2980 and deprecates the AUTHINFO
   SIMPLE and AUTHINFO GENERIC authentication methods.  Additionally, this
   document defines a profile of the Simple Authentication and Security
   Layer (SASL) for NNTP.

streaming:

   This memo defines an extension to the Network News Transport Protocol
   to provide asynchronous (otherwise known as "streaming") transfer of
   articles.  This allows servers to transfer articles to other servers
   with much greater efficiency.

   RFC 2980 summarizes some ad-hoc transport extensions currently used in
   the NNTP protocol.  This document updates and formalizes the CHECK and
   TAKETHIS commands and deprecates the MODE STREAM command.

tls:

   This memo defines an extension to the Network News Transport Protocol
   to provide connection-based security (via Transport Layer Security).
   The primary goal is to provide encryption for single-link
   confidentiality purposes, but data integrity, (optional)
   certificate-based peer entity authentication, and (optional) data
   compression are also possible.

I don't believe these changes have to be made immediately, but if our AD
wants them to be, I'll let you know.  Otherwise, they can probably be made
in an additional ID submitted at the end of the Last Call period.

Note that both the authinfo and tls drafts currently have normative
references on IDs.  The tls ones are on documents currently in Last Call,
so hopefully they'll finish before we do.  The authinfo ones are more
problematic.  We may need to back off the references to RFC 2222, RFC
2831, and RFC 3454 (and, in fact, since SASLprep was published with a
reference to RFC 3454, we probably should back off our reference
accordingly).  Changing the RFC 2831 reference looks trivial; RFC 2222 may
require reviewing section number references.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the ietf-nntp mailing list