[NNTP] Last Call: <draft-elie-nntp-tls-recommendations-01.txt> (Use of Transport Layer Security (TLS) in the Network News Transfer Protocol (NNTP)) to Proposed Standard

Sabahattin Gucukoglu listsebby at me.com
Sat Dec 3 07:13:20 PST 2016


On 2 Dec 2016, at 22:13, Julien ÉLIE <julien at trigofacile.com> wrote:
> Would the following wording suit you?
> 
>  TCP port 563 is dedicated to NNTP over TLS, and registered in the
>  IANA Service Name and Transport Protocol Port Number Registry for
>  that usage.  NNTP implementations using TCP port 563 begin the TLS
>  negotiation immediately upon connection and then continue with the
>  initial steps of an NNTP session.  This use of strict TLS on a
>  separate port is the preferred way of using TLS with NNTP.
> 
>  If a host wishes to offer separate servers for transit and reading
>  clients, TCP port 563 SHOULD be used for the reading server using
>  strict TLS.  Regarding the transit server, though TCP port 433 is
>  registered for NNSP (Network News Streaming Protocol), no dedicated
>  port is currently registered for NNSP over TLS.  If a transit server
>  offers strict TLS, it SHOULD either use TCP port 433 if it does not
>  accept connections without TLS, or another unused port of its choice
>  communicated to all its clients using strict TLS.

This is pretty neat, but I'd like to make the last point unambiguous, like this:

If a transit server offers strict TLS, it SHOULD use TCP port 433 if it does not accept connections without TLS, but can alternatively use another unused port of its choice.  In either case, the port used should be clearly communicated to the client as the port used for strict TLS, and specifically that no plain-text communication occurs before the TLS session is negotiated.

If you can make that clearer, be my guest. :)

Cheers,
Sabahattin
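A way to check the property asked for above, that no plain-text communication occurs before the TLS session is negotiated. This is an added example, not part of the original message or the draft. It relies on a plain NNTP server sending its greeting first, while a strict-TLS server stays silent until the client's ClientHello. `probe_socket`, `probe` and the verdict strings are names made up for this sketch.

```python
import socket
import ssl

# Initial greeting codes a plain NNTP server sends on connect (RFC 3977).
GREETING_CODES = (b"200", b"201", b"400", b"502")

def probe_socket(sock, server_hostname, wait=1.0, context=None):
    """Classify a connected socket; returns (verdict, detail).

    'plaintext-first': the server sent bytes before any TLS handshake
    'strict-tls'     : silent until a verified handshake, greeting inside TLS
    'tls-failed'     : silent, but TLS or the greeting inside it failed
    """
    sock.settimeout(wait)
    try:
        early = sock.recv(512)      # a plain NNTP server speaks first
    except socket.timeout:
        early = None                # silence is what strict TLS looks like
    if early:
        kind = "NNTP greeting" if early[:3] in GREETING_CODES else "unknown data"
        return "plaintext-first", f"{kind}: {early[:60]!r}"
    if early == b"":
        return "tls-failed", "peer closed before the handshake"
    ctx = context or ssl.create_default_context()  # checks chain and hostname
    sock.settimeout(5.0)
    try:
        with ctx.wrap_socket(sock, server_hostname=server_hostname) as tls:
            greeting = tls.recv(512)
            return "strict-tls", f"{tls.version()}: {greeting[:60]!r}"
    except OSError as exc:          # ssl.SSLError is a subclass of OSError
        return "tls-failed", f"{type(exc).__name__}: {exc}"

def probe(host, port, wait=1.0):
    """Connect and classify host:port (hypothetical helper for this sketch)."""
    with socket.create_connection((host, port), timeout=5.0) as sock:
        return probe_socket(sock, host, wait)
```

Calling `probe(host, 563)` or `probe(host, 433)` against a server that advertises strict TLS on that port should return `strict-tls`; `plaintext-first` means the port still accepts connections without TLS.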

