Re: ietf-nntp Feedback on the 9/3 nntpext.

Brian Hernacki <bhern@netscape.com> Fri, 05 September 1997 21:47 UTC

Message-ID: <34107CC4.9E08C5E@netscape.com>
Date: Fri, 05 Sep 1997 14:42:28 -0700
From: Brian Hernacki <bhern@netscape.com>
Organization: Netscape, Floating Point Division
X-Mailer: Mozilla 4.03 [en] (X11; U; SunOS 5.5 sun4u)
MIME-Version: 1.0
To: ietf-nntp@academ.com
Subject: Re: ietf-nntp Feedback on the 9/3 nntpext.
References: <2FBF98FC7852CF11912A0000000000010581D2FF@DINO>

Larry Osterman (Exchange) wrote:
> 
> The reason a client might want to keep a connection open is to avoid
> re-authenticating a user.   Consider, for example, an OTP system.  In
> such a system, the user's credentials have a limited lifetime (typically
> several hundred iterations), after which the user needs to get a new set
> of credentials.
> 
> In such an environment, it is critical that clients minimize the number
> of authentications, and every server disconnection forces one of the
> passwords to be exhausted.
> 
> Also, on many systems authentication is quite slow (up to half a second
> or more), so clients try to avoid authentications as much as possible -
> and again, if the server disconnects, it causes unnecessary client
> slowdowns.

In that system, the admin would just set the timeout to be sufficiently
long.


> All I'm getting at is that I think that it makes sense for the NNTP
> draft to:
>         a) Mandate that timeouts are legal

I don't think there is any disagreement about timeouts being legal.


> and     b) Place some restrictions on a minimum length for that timeout.
> 
> I don't care what the minimum timeout is (1 minute :)), but there SHOULD
> be a minimum timeout.

Why? 


--brian
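
The OTP scenario quoted above, worked through as an added example that is not part of the original message: a Lamport-style hash-chain verifier run against a client trace under two server idle timeouts, showing how a short timeout burns through the chain. SHA-256 stands in for the real OTP hash, and the seed, trace, chain length of 50 and all function names are constructed assumptions.

```python
import hashlib

def h(data: bytes, rounds: int = 1) -> bytes:
    """Apply SHA-256 `rounds` times (stand-in for the OTP hash function)."""
    for _ in range(rounds):
        data = hashlib.sha256(data).digest()
    return data

class OtpServer:
    """Hash-chain verifier: stores only the last accepted value."""
    def __init__(self, seed: bytes, iterations: int):
        self.remaining = iterations          # logins left before re-initialisation
        self.stored = h(seed, iterations)    # H^n(seed)

    def authenticate(self, response: bytes) -> bool:
        if self.remaining == 0 or h(response) != self.stored:
            return False
        self.stored = response               # each success burns one chain link
        self.remaining -= 1
        return True

def sessions_needed(request_times, idle_timeout):
    """Connections (= authentications) a client needs when the server drops
    it after `idle_timeout` seconds without a command."""
    count, last = 0, None
    for t in request_times:
        if last is None or t - last > idle_timeout:
            count += 1
        last = t
    return count

def replay(seed, iterations, request_times, idle_timeout):
    """Run the trace against the server; return (logins_used, logins_left)."""
    server = OtpServer(seed, iterations)
    used = 0
    for _ in range(sessions_needed(request_times, idle_timeout)):
        # Client answers the current challenge with H^(remaining-1)(seed).
        if not server.authenticate(h(seed, server.remaining - 1)):
            break                            # chain exhausted: user is locked out
        used += 1
    return used, server.remaining

# Constructed trace: one command every 5 minutes for 8 hours.
TRACE = [i * 300 for i in range(96)]
SEED = b"constructed-seed"

if __name__ == "__main__":
    for timeout in (60, 600):
        print(timeout, replay(SEED, 50, TRACE, timeout))
```

With the 60-second timeout the client needs 96 connections and exhausts all 50 credentials partway through the day; with the 600-second timeout it authenticates once.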