headers
Russ Allbery | 8 Sep 2003 18:17
Picon
Favicon
Gravatar

Re: ietf-nntp Last major open issue (48x return codes)

Ken Murchison <ken <at> oceana.com> writes:
> Russ Allbery wrote:

>> Authentication and privacy are pretty huge buckets that should
>> encapsulate a world of extensions.

> We could even generalize these as "security" which is probably a bigger
> bucket.

That sounds fine to me; I certainly have no objections.

--

-- 
Russ Allbery (rra <at> stanford.edu)             <http://www.eyrie.org/~eagle/>
_______________________________________________
ietf-nntp mailing list
ietf-nntp <at> academ.com
https://www.academ.com/mailman/listinfo/ietf-nntp
Permalink | Reply |
headers
Jeffrey M. Vinocur | 9 Sep 2003 01:11

Re: ietf-nntp Last major open issue (48x return codes)

On Mon, 8 Sep 2003, Russ Allbery wrote:

> Ken Murchison <ken <at> oceana.com> writes:
> > Russ Allbery wrote:
> 
> >> Authentication and privacy are pretty huge buckets that should
> >> encapsulate a world of extensions.
> >
> > We could even generalize these as "security" which is probably a bigger
> > bucket.
> 
> That sounds fine to me; I certainly have no objections.

Especially once (some day) it's all SASL-based, and thus the distinction
isn't even relevant to the NNTP negotiation.  (That is, if the server
admin is looking to have authentication required, encryption optional,
then the server will advertise only the relevant mechanisms.)  I can't see 
any reason to have them distinguished in that case.

--

-- 
Jeffrey M. Vinocur
jeff <at> litech.org

_______________________________________________
ietf-nntp mailing list
ietf-nntp <at> academ.com
https://www.academ.com/mailman/listinfo/ietf-nntp
Permalink | Reply |
headers
Ken Murchison | 9 Sep 2003 01:17

Re: ietf-nntp Last major open issue (48x return codes)


Jeffrey M. Vinocur wrote:
> On Mon, 8 Sep 2003, Russ Allbery wrote:
> 
> 
>>Ken Murchison <ken <at> oceana.com> writes:
>>
>>>Russ Allbery wrote:
>>
>>>>Authentication and privacy are pretty huge buckets that should
>>>>encapsulate a world of extensions.
>>>
>>>We could even generalize these as "security" which is probably a bigger
>>>bucket.
>>
>>That sounds fine to me; I certainly have no objections.
> 
> 
> Especially once (some day) it's all SASL-based, and thus the distinction
> isn't even relevant to the NNTP negotiation.  (That is, if the server
> admin is looking to have authentication required, encryption optional,
> then the server will advertise only the relevant mechanisms.)  I can't see 
> any reason to have them distinguished in that case.

Good point, but I don't think that PLAIN+TLS will go away any time soon, 
so the authentication (AUTHINFO SASL) and privacy (STARTTLS) distinction 
will still need to be made.

--

-- 
Kenneth Murchison     Oceana Matrix Ltd.
(Continue reading)

Permalink | Reply |

Gmane