Re: ietf-nntp My notes from the NNTP WG meeting at the 37thIETF
Jack De Winter <jack@wildbear.on.ca> Sat, 21 December 1996 06:08 UTC
Received: from cnri by ietf.org id ai09214; 21 Dec 96 1:08 EST
Received: from ACADEM2.ACADEM.COM by CNRI.Reston.VA.US id aa20080;
20 Dec 96 15:51 EST
Received: (from majordomo@localhost) by academ2.academ.com (8.8.3/8.7.3) id
OAA20901 for ietf-nntp-outgoing; Fri, 20 Dec 1996 14:49:19 -0600 (CST)
X-Authentication-Warning: academ2.academ.com: majordomo set sender to
owner-ietf-nntp using -f
Received: from academ.com (root@ACADEM.COM [198.137.249.2]) by
academ2.academ.com (8.8.3/8.7.3) with ESMTP id OAA20896 for
<ietf-nntp@ACADEM2.ACADEM.COM>; Fri, 20 Dec 1996 14:49:17 -0600 (CST)
Received: from lacroix.wildbear.on.ca (lacroix.wildbear.on.ca
[199.246.132.198]) by academ.com (8.8.3/8.7.1) with ESMTP id OAA06852 for
<ietf-nntp@academ.com>; Fri, 20 Dec 1996 14:49:10 -0600 (CST)
Received: by lacroix.wildbear.on.ca from localhost
(router,SLMailNT V3.0); Fri, 20 Dec 1996 15:42:25 -0500
Received: by lacroix.wildbear.on.ca from wildside.wildbear.on.ca
(199.246.132.193::mail daemon,SLMailNT V3.0); Fri, 20 Dec 1996 15:42:24 -0500
Message-Id: <3.0.32.19961220154644.00eb6120@lacroix>
X-Sender: "Jack De Winter" <jack@wildbear.on.ca>
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Fri, 20 Dec 1996 15:46:45 -0500
To: Rich Salz <rsalz@osf.org>, NatBa@microsoft.com, brian@nothing.ucsd.edu,
moore@cs.utk.edu
From: Jack De Winter <jack@wildbear.on.ca>
Subject: Re: ietf-nntp My notes from the NNTP WG meeting at the 37thIETF
Cc: ietf-nntp@academ.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Comment: No Mime-content-encoding found in headers (although mime headers
used),
Content-Transfer-Encoding header added by lacroix.wildbear.on.ca (SLMailNT
V3.0)
Sender: owner-ietf-nntp@academ.com
Precedence: bulk
>The intent was that AUTHINFO LIST show you what crypto-mechs were >supported by the server, and the client picks one. AUTHINFO GENERIC >was intended to be a really simple mapping right onto GSSAPI. > >By the time the code and "spec" got out there, I had given up almost all >work on NNTP. I also didn't know enough about SASL, but at the time >AG :) was only lagging about two months behind SASL. John ran really >hard with his implementation, etc., so the gap is now probably six >months in terms of finish AG, quality of implementation, etc. I don't >know what's the better course of action, primarily because I don't know >much about SASL. For example, does it include negotiation that is not >suspect to man-in-the-middle downgrading? (I.e., it's not CAT-IETF SNEGO?) I professional wouldn't see any problems with making AUTHINFO GENERIC into the equivalent of AUTHSASL with one exception: what about existing news readers that are doing something with it already? Other than that, we could rework it so that AUTHINFO LIST would give a list of the types, etc. However, seeing as we are supposed to be coming up with 977bis as an accurate reflection of the protocol as it is at the moment and would need 2 implementations, I am not sure of the practicalities. (Keith?) One of the good points of an AUTHSASL extensions is that it does not break any existing code, but provides an upgrade path. One of the bad points is that it might compete with AUTHINFO GENERIC and would hold up and even be against the 977bis charter. Another one is that we would have to have 2 complete implementations by the cut of date, or force Stan to make news changes to the drafts every couple of months (which is not fair by any means). As for negotiation, it is totally in the hands of the client. The server may enforce a certain level, but that is totally dependant on the server and is not mandated or even discussed in the spec. It simply provides a convenient framework for supplying authentication and encryption mechanisms to protocols. regards, Jack ------------------------------------------------- Jack De Winter - Wildbear Consulting, Inc. (519) 576-3873 http://www.wildbear.on.ca/ Author of SLMail(95/NT) (http://www.seattlelab.com/) and other great products.
- Re: ietf-nntp My notes from the NNTP WG meeting a… Nat Ballou
- Re: ietf-nntp My notes from the NNTP WG meeting a… Nat Ballou
- Re: ietf-nntp My notes from the NNTP WG meeting a… Jack De Winter
- Re: ietf-nntp My notes from the NNTP WG meeting a… Rich Salz
- Re: ietf-nntp My notes from the NNTP WG meeting a… Rich Salz
- Re: ietf-nntp My notes from the NNTP WG meeting a… Chris Lewis
- Re: ietf-nntp My notes from the NNTP WG meeting a… Brian Hernacki
- Re: ietf-nntp My notes from the NNTP WG meeting a… Brian Hernacki
- Re: ietf-nntp My notes from the NNTP WG meeting a… Jack De Winter
- Re: ietf-nntp My notes from the NNTP WG meeting a… Nat Ballou
- Re: ietf-nntp My notes from the NNTP WG meeting a… Chris Newman
- Re: ietf-nntp My notes from the NNTP WG meeting a… Jack De Winter
- Re: ietf-nntp My notes from the NNTP WG meeting a… Jack De Winter
- Re: ietf-nntp My notes from the NNTP WG meeting a… Nat Ballou
- Re: ietf-nntp My notes from the NNTP WG meeting a… Jack De Winter
- Re: ietf-nntp My notes from the NNTP WG meeting a… Chris Lewis
- Re: ietf-nntp My notes from the NNTP WG meeting a… Jack De Winter