Your patch for SSL support in nnrpd

Toon van der Pas toon at vdpas.hobby.nl
Sat Mar 25 11:00:49 UTC 2000 

On Fri, Mar 24, 2000 at 10:03:15PM +0100, James.Brister at nominum.com wrote:
> 
> > Well, I just checked inn-STABLE_2_2-2000-03-24_03-06 and is isn't in.
> > So I take it that by "current" you mean "bleeding edge"?
> > That's not exactly what I tend to run on out production machines.  :-(
> 
> Just wait and the current CURRENT code will eventualy be on the
> STABLE branch.

The STABLE branch is advertised as the current production release
plus fixes. No new functionality is added to the STABLE branch.
Hence I expect the SSL support to be introduced in 2.3
Am I right?

> > To draft-barber-nntp-imp-07 maybe?
> 
> Last I looked there was no extension proposed for SSL support.
> Netscape and Microsoft are both on the nntp wg but I've heard
> nothing from them about this (keeping security support propietary
> is to their advantage anyway).

The draft from S. Barber, dated april 1997, talks about extensions in
the authentication area. It describes three types of AUTHINFO dialogs:

AUTHINFO USER <username>
AUTHINFO PASS <password>

    This is the original AUTHINFO command,
    where the userid and passwd are sent
    over the network in plain text format.)

AUTHINFO SIMPLE

    This one was described in the NNTP v2 revision proposal.
    S. Barber writes that "it is recommended that this command not be
    implemented, but use either or both of the other forms of AUTHINFO
    if such functionality if required."

AUTHINFO GENERIC <authenticator> <arg> <arg> <arg> ...

    This is the generic form of the AUTHINFO command.
    S. Barber writes: "AUTHINFO GENERIC is used to identify a
    specific entity to the server using arbitrary authentication or
    identification protocols.  The desired protocol is indicated by
    the authenticator parameter, and any number of parameters can be
    passed to the authenticator."
    .
    .
    .
    "The authentication protocols are not included in this document,
    but are similar in structure to those referenced in RFC 1731[8]
    for the IMAP-4 protocol."

This last version of the AUTHINFO dialog opens doors to all kinds of
secure authentication protocols. What are clients like Outlook Express,
Netscape Navigator, knews etc using when secure logon is chosen?
Does anyone have traces of the logon dialogs?
I'm looking for support of secure logon's for popular news clients in
INN.

> > This world needs a solution that works for most (if not all) of us.
> 
> true
> 
> > You're doing a wonderful job.
> > I just wonder why rfc 977 is still current.
> 
> The SSL patch was good. 977 is still current because it defines the
> basics and they are still appropriate. The question should really
> be why has no-one proposed an extension for this issue.

That's exactly what I meant to say.

> Maybe someone here can.

The Barber draft should provide a good starting point.
And studying the authentication dialogs popular news clients use today.
I expect (hope) they do something along the lines of the Barber draft.

Toon.

More information about the inn-workers mailing list