IETF Logo Mail Archive

Re: ietf-nntp My notes from the NNTP WG meeting at the 37thIETF

Nat Ballou <NatBa@microsoft.com> Fri, 20 December 1996 17:02 UTC

Received: from cnri by ietf.org id aa15621; 20 Dec 96 12:02 EST
Received: from ACADEM2.ACADEM.COM by CNRI.Reston.VA.US id aa14307; 20 Dec 96 12:02 EST
Received: (from majordomo@localhost) by academ2.academ.com (8.8.3/8.7.3) id KAA20076 for ietf-nntp-outgoing; Fri, 20 Dec 1996 10:57:33 -0600 (CST)
X-Authentication-Warning: academ2.academ.com: majordomo set sender to owner-ietf-nntp using -f
Received: from academ.com (root@ACADEM.COM [198.137.249.2]) by academ2.academ.com (8.8.3/8.7.3) with ESMTP id KAA20071 for <ietf-nntp@ACADEM2.ACADEM.COM>; Fri, 20 Dec 1996 10:57:12 -0600 (CST)
Received: from tide03.microsoft.com (firewall-user@tide03.microsoft.com [131.107.3.13]) by academ.com (8.8.3/8.7.1) with ESMTP id KAA01076 for <ietf-nntp@academ.com>; Fri, 20 Dec 1996 10:57:08 -0600 (CST)
Received: by tide03.microsoft.com; id IAA24586; Fri, 20 Dec 1996 08:55:13 -0800 (PST)
Received: from unknown(157.54.17.74) by tide03.microsoft.com via smap (V3.1) id xma024579; Fri, 20 Dec 96 08:54:57 -0800
Received: from IMSMAIL ([157.55.65.201]) by imail2.microsoft.com (8.7.3/8.7.1) with ESMTP id IAA26303; Fri, 20 Dec 1996 08:55:13 -0800 (PST)
Received: from natba1 - 172.31.178.33 by ims.microsoft.com with Microsoft SMTPSVC; Fri, 20 Dec 1996 08:59:34 -0800
From: Nat Ballou <NatBa@microsoft.com>
To: Brian Hernacki <bhern@netscape.com>, Jack De Winter <jack@wildbear.on.ca>
Cc: Brian Kantor <brian@nothing.ucsd.edu>, Chris.Newman@innosoft.com, moore@cs.utk.edu, ietf-nntp@academ.com
MMDF-Warning: Parse error in original version of preceding line at CNRI.Reston.VA.US
Subject: Re: ietf-nntp My notes from the NNTP WG meeting at the 37thIETF
Date: Fri, 20 Dec 1996 08:55:56 -0800
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1160
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-ID: <0493534591614c6IMSMAIL@ims.microsoft.com>
Sender: owner-ietf-nntp@academ.com
Precedence: bulk

> From: Jack De Winter <jack@wildbear.on.ca>
> To: Brian Hernacki <bhern@netscape.com>om>; Nat Ballou <NatBa@MICROSOFT.com>
> Cc: Brian Kantor <brian@nothing.ucsd.edu>du>; Chris.Newman@INNOSOFT.COM;
moore@cs.utk.edu; ietf-nntp@academ.com
> Subject: Re: ietf-nntp My notes from the NNTP WG meeting at the 37thIETF
> Date: Thursday, December 19, 1996 11:09 AM
> 
> >As far as protocol goes, Netscape News Server will accept an AUTHINFO
> >USER, return a "381 PASS required", but still allow you to enter other
> >commands without having entered AUTHINFO PASS. It does not however, use
> >the USER information (even for readership stats) unless a password has
> >been provided to prove identity.
> 
> So, I guess then, if we can find one other server like that, we could
> argue that it should go into the 977bis draft to allow other commands
> but not to act on the 'verified' user until the use is indeed verified
> with the AUTHINFO PASS command?

Actually - no.  It seems the Netscape server accepts AUTHINFO USER without
an AUTHINFO PASS, but does nothing with the AUTHINFO USER.  I believe most
servers have a set of newsgroups that can be viewed without any
authentication
- so it's reasonable for the Netscape server to do what it does.  INN does
the same thing.  In any case, without a password, the AUTHINFO USER command
is useless, and servers will not accept it.  If they did, I could spoof
others.

Nat

v2.8.7 | Report a Bug | By Email