Protocol Action: 'NNTP Extension for Authentication' to Proposed Standard
The IESG <iesg-secretary@ietf.org> Tue, 27 September 2005 15:56 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKHoW-0004Xh-SD; Tue, 27 Sep 2005 11:56:16 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKHoQ-0004XO-94; Tue, 27 Sep 2005 11:56:14 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA21984; Tue, 27 Sep 2005 11:56:07 -0400 (EDT)
Received: from [132.151.6.50] (helo=newodin.ietf.org) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EKHvh-0001Si-LC; Tue, 27 Sep 2005 12:03:41 -0400
Received: from apache by newodin.ietf.org with local (Exim 4.43) id 1EKHoN-00019G-Sp; Tue, 27 Sep 2005 11:56:07 -0400
X-test-idtracker: no
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Message-Id: <E1EKHoN-00019G-Sp@newodin.ietf.org>
Date: Tue, 27 Sep 2005 11:56:07 -0400
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0a7aa2e6e558383d84476dc338324fab
Cc: nntpext chair <rra@stanford.edu>, Internet Architecture Board <iab@iab.org>, nntpext chair <ned.freed@mrochek.com>, nntpext mailing list <ietf-nntp@lists.eyrie.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'NNTP Extension for Authentication' to Proposed Standard
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: ietf-announce.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
Sender: ietf-announce-bounces@ietf.org
Errors-To: ietf-announce-bounces@ietf.org
The IESG has approved the following documents: - 'Using TLS with NNTP ' <draft-ietf-nntpext-tls-nntp-09.txt> as a Proposed Standard - 'NNTP Extension for Authentication ' <draft-ietf-nntpext-authinfo-10.txt> as a Proposed Standard These documents are products of the NNTP Extensions Working Group. The IESG contact persons are Scott Hollenbeck and Ted Hardie. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-nntpext-authinfo-10.txt Technical Summary The TLS extension document defines an extension to the Network News Transport Protocol (NNTP) to provide connection-based security (via Transport Layer Security). The primary goal is to provide encryption for single-link confidentiality purposes, but data integrity, (optional) certificate-based peer entity authentication, and (optional) data compression are also possible. The authinfo extension document defines an extension to NNTP which allows a client to indicate an authentication mechanism to the server, perform an authentication protocol exchange, and optionally negotiate a security layer for subsequent protocol interactions during the remainder of an NNTP session. The authinfo document also updates and formalizes the AUTHINFO USER/PASS authentication method specified in RFC 2980 and deprecates the AUTHINFO SIMPLE and AUTHINFO GENERIC authentication methods. Additionally, this document defines a profile of the Simple Authentication and Security Layer (SASL) for NNTP. Working Group Summary Both the AUTHINFO and TLS drafts were written based on the standard SASL and STARTTLS specifications for other protocols. The working group then hammered out reasonable status codes, interaction with other portions of the NNTP protocol, and the documentation of the legacy AUTHINFO USER command. Both documents are believed to be generic and straightforward implementations of the standard SASL and STARTTLS protocols, copying where possible what was done for POP, IMAP, and SMTP. The NNTPEXT WG achieved consensus on both documents. Protocol Quality Scott Hollenbeck has reviewed these specifications for the IESG. The TLS protocol has been implemented in the Cyrus IMAP server and will be implemented in INN. The AUTHINFO USER/PASS authentication method specified here was previously defined less formally in RFC 2980 and is in widespread, interoperable use by existing NNTP implementations. AUTHINFO SASL has been implemented for INN and the Cyrus IMAP server. _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce