Russ Allbery | 22 Sep 2005 02:54

[NNTP] Resolution on TLS wording

The following wording has been approved as sufficient to deal with the
certificate verification issue:

     To prevent man-in-the-middle attacks, clients MUST verify the binding
     between the identity of the server to which the client was connecting
     and the public key presented by the server.  Clients SHOULD implement
     the algorithm in section 6 of [RFC3280] for general certificate
     validation, but MAY supplement that algorithm with other validation
     methods that achieve equivalent levels of verification (such as
     comparing the server certificate against a local store of
     already-verified certificates and identity bindings).

(This should be the same as the language previously discussed on the
list.)  As I recall, we hadn't released an I-D with that wording pending
the outcome of the IESG discussions.  If my memory is correct, Ken, could
you go ahead and submit a new draft with this addition?

This is the last IESG blocking issue for any of our drafts.

Thanks!

-- 
Russ Allbery (rra <at> stanford.edu)             <http://www.eyrie.org/~eagle/>
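
The verification rule in the approved wording above, sketched as an added example (not part of the original message, the draft, or any implementation named in this thread). It uses the Python ssl module's default chain and hostname validation as the general validation step; the store, the example.org host names, the function names and the certificate bytes are constructed or hypothetical, and it assumes a listener that starts TLS immediately, so the NNTP STARTTLS command exchange is omitted.

```python
import hashlib
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_NEWS = b"constructed DER bytes: news.example.org"
CERT_OTHER = b"constructed DER bytes: other.example.org"

def fingerprint(der_cert: bytes) -> str:
    return hashlib.sha256(der_cert).hexdigest()

# Hypothetical local store: host the client dials -> fingerprints of
# certificates already verified for that identity.
LOCAL_STORE = {
    "news.example.org": {fingerprint(CERT_NEWS)},
    "other.example.org": {fingerprint(CERT_OTHER)},
}

def binding_in_store(connect_host, der_cert, store=LOCAL_STORE) -> bool:
    """True only if this exact certificate is stored for the host we dialled."""
    if not der_cert:
        return False
    # Key the lookup on the name the client intended to reach, never on a
    # name taken from the certificate itself.
    known = store.get(connect_host.lower().rstrip("."), set())
    return fingerprint(der_cert) in known

def strict_context() -> ssl.SSLContext:
    """Certification path validation plus hostname matching."""
    return ssl.create_default_context()

def open_verified(host, port, store=LOCAL_STORE) -> ssl.SSLSocket:
    """Return a TLS socket only if the server's identity binding is verified."""
    try:
        raw = socket.create_connection((host, port), timeout=10)
        return strict_context().wrap_socket(raw, server_hostname=host)
    except ssl.SSLCertVerificationError:
        pass  # general validation failed; try the local store instead
    loose = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    loose.check_hostname = False
    loose.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=10)
    tls = loose.wrap_socket(raw, server_hostname=host)
    # Nothing is sent on the session until the binding has been checked.
    if not binding_in_store(host, tls.getpeercert(binary_form=True), store):
        tls.close()
        raise ssl.SSLCertVerificationError(f"no verified binding for {host}")
    return tls
```

A certificate stored for other.example.org is rejected when the client dialled news.example.org: the store records identity bindings, not a flat list of trusted certificates.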

Internet-Drafts | 26 Sep 2005 16:50

[NNTP] I-D ACTION:draft-ietf-nntpext-tls-nntp-09.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the NNTP Extensions Working Group of the IETF.

	Title		: Using TLS with NNTP
	Author(s)	: J. Vinocur, et al.
	Filename	: draft-ietf-nntpext-tls-nntp-09.txt
	Pages		: 14
	Date		: 2005-9-26
	
This memo defines an extension to the Network News Transport
Protocol (NNTP) to allow an NNTP client and server to use Transport
Layer Security (TLS).  The primary goal is to provide encryption
for single-link confidentiality purposes, but data integrity,
(optional) certificate-based peer entity authentication, and
(optional) data compression are also possible.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-nntpext-tls-nntp-09.txt

To remove yourself from the I-D Announcement list, send a message to 
i-d-announce-request <at> ietf.org with the word unsubscribe in the body of the message.  
You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce 
to change your subscription settings.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-nntpext-tls-nntp-09.txt".

A list of Internet-Drafts directories can be found in

Scott Hollenbeck | 27 Sep 2005 14:57

[NNTP] Working Group Closure

A few minutes ago I sent a request to the IETF Secretariat to announce IESG
approval of draft-ietf-nntpext-tls-nntp-09.txt and
draft-ietf-nntpext-authinfo-10.txt.  With those documents completed, the
work of this group is pretty much finished.

One outdated milestone remains: "Oct 04 Provide list of new extensions that
should be considered to the IESG for charter update consideration"

Given that this milestone has been missed by almost a year and there doesn't
appear to be any work going on to address it I am inclined to drop the
milestone, consider the work of this group complete, and close the group.
Work to address new extensions can then be taken up if and when people are
ready to consider forming a new working group.  The mailing list can remain
open to address that topic and any issues that come up during the RFC
editing process.

That's my proposal.  Speak now if you feel the group should remain open.  If
you do feel that the group should remain open, you should also explain how
you will help to complete the work and contribute to work going forward.

-Scott-


Jeffrey M. Vinocur | 27 Sep 2005 15:11

Re: [NNTP] Working Group Closure

On Sep 27, 2005, at 8:57 AM, Scott Hollenbeck wrote:

> the work of this group is pretty much finished.

Wow.

> One outdated milestone remains: "Oct 04 Provide list of new extensions that
> should be considered to the IESG for charter update consideration"
>
> Given that this milestone has been missed by almost a year and there doesn't
> appear to be any work going on to address it I am inclined to drop the
> milestone, consider the work of this group complete, and close the group.

I think in some sense we've already completed this, in that the most 
important extensions have now been documented.

The only big thing I can think of offhand is XPAT, which we decided to 
defer.  Is anybody interested in facing up to that now?

Any other extensions I've forgotten?

-- 
Jeffrey M. Vinocur
jeff <at> litech.org

Ken Murchison | 27 Sep 2005 16:08

Re: [NNTP] Working Group Closure

Jeffrey M. Vinocur wrote:

> The only big thing I can think of offhand is XPAT, which we decided to defer.

I think it gets enough use that it definitely needs to be addressed. 
IIRC, i18n is the big issue.

> Any other extensions I've forgotten?

There has been the discussion of a "large article numbers" extension, 
and I've been kicking around a "feed control" extension.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     2495 Main St. - Suite 401
716-604-0088 x26      Buffalo, NY 14214
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

Ken Murchison | 27 Sep 2005 16:12

Re: [NNTP] Working Group Closure

Scott Hollenbeck wrote:

> That's my proposal.  Speak now if you feel the group should remain open.  If
> you do feel that the group should remain open, you should also explain how
> you will help to complete the work and contribute to work going forward.

There has been talk of rewriting RFC 2980 and/or moving it to 
historical, would this need to be done under the existing WG or a 
followup WG?

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     2495 Main St. - Suite 401
716-604-0088 x26      Buffalo, NY 14214
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

Scott Hollenbeck | 27 Sep 2005 16:32

RE: [NNTP] Working Group Closure

> -----Original Message-----
> From: Ken Murchison [mailto:ken <at> oceana.com] 
> Sent: Tuesday, September 27, 2005 10:12 AM
> To: ietf-nntp <at> lists.eyrie.org
> Subject: Re: [NNTP] Working Group Closure
> 
> Scott Hollenbeck wrote:
> 
> > That's my proposal.  Speak now if you feel the group should remain open.  If
> > you do feel that the group should remain open, you should also explain how
> > you will help to complete the work and contribute to work going forward.
> 
> There has been talk of rewriting RFC 2980 and/or moving it to 
> historical, would this need to be done under the existing WG or a 
> followup WG?

Recharter or new working group as it's not part of the current charter.
Given the history of this group I'd prefer the new working group option,
though a re-charter to work on a 2980 revision and new extensions is also a
possibility.

My big concern is in ensuring that there's sufficient community commitment
to take on, complete, and review new work.  It took this group a LONG TIME
(draft-ietf-nntpext-base-00 was published in 1998) to do what it was
chartered to do.  Not holding meetings during IETF meetings also concerns me
because the group doesn't get the benefit of the available high-bandwidth,
face-to-face communication opportunities.

The IESG | 27 Sep 2005 17:56

[NNTP] Protocol Action: 'NNTP Extension for Authentication' to Proposed Standard

The IESG has approved the following documents:

- 'Using TLS with NNTP '
   <draft-ietf-nntpext-tls-nntp-09.txt> as a Proposed Standard
- 'NNTP Extension for Authentication '
   <draft-ietf-nntpext-authinfo-10.txt> as a Proposed Standard

These documents are products of the NNTP Extensions Working Group. 

The IESG contact persons are Scott Hollenbeck and Ted Hardie.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-nntpext-authinfo-10.txt

Technical Summary

The TLS extension document defines an extension to the Network News
Transport Protocol (NNTP) to provide connection-based security (via
Transport Layer Security). The primary goal is to provide encryption
for single-link confidentiality purposes, but data integrity, (optional)
certificate-based peer entity authentication, and (optional) data
compression are also possible.

The authinfo extension document defines an extension to NNTP which
allows a client to indicate an authentication mechanism to the server,
perform an authentication protocol exchange, and optionally negotiate
a security layer for subsequent protocol interactions during the
remainder of an NNTP session.

The authinfo document also updates and formalizes the AUTHINFO USER/PASS

Ken Murchison | 28 Sep 2005 03:10

Re: [NNTP] Protocol Action: 'NNTP Extension for Authentication' to Proposed Standard

The IESG wrote:

> The IESG has approved the following documents:
> 
> - 'Using TLS with NNTP '
>    <draft-ietf-nntpext-tls-nntp-09.txt> as a Proposed Standard
> - 'NNTP Extension for Authentication '
>    <draft-ietf-nntpext-authinfo-10.txt> as a Proposed Standard
> 
> The TLS protocol has been implemented in the Cyrus IMAP server and will be
> implemented in INN.
> 
> The AUTHINFO USER/PASS authentication method specified here was
> previously defined less formally in RFC 2980 and is in widespread,
> interoperable use by existing NNTP implementations.  AUTHINFO SASL has
> been implemented for INN and the Cyrus IMAP server.

If I'm not mistaken, AUTHINFO SASL has been implemented in c-client, 
which means that Pine supports it.  I'm also assuming that it supports 
TLS, but Mark can confirm this.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

Charles Lindsey | 28 Sep 2005 12:30

Re: [NNTP] Working Group Closure

In <courier.433941D5.00003DF5 <at> mail.verisignlabs.com> "Scott Hollenbeck" <sah <at> 428cobrajet.net> writes:

>That's my proposal.  Speak now if you feel the group should remain open.  If
>you do feel that the group should remain open, you should also explain how
>you will help to complete the work and contribute to work going forward.

I believe the most urgent piece of unfinished business is what to do about
overflowed article numbers. Opinions vary as to when this problem will
hit us - some predict as little as two years from now, but a more
realistic estimate would I think be six years, or more.

So if we start now, it should be possible to have a smooth transition
method in place by the time it is needed (but it should not be delayed any
further from now).

Therefore I suggest it might be sensible to recharter the WG specifically
to address this problem and to make proposals.

As to XPAT, which has also been mentioned, the problem there was that it
used wildmats, with their built-in anchoring at both ends - which is fine
when it is only newsgroup-names which need to be matched. I think we
agreed that wildmats were just not the right tool for this job, but it is
not clear what the substitute should be. I think it might be better to
leave that one until the nature of any future I18N becomes more apparent.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133   Web: http://www.cs.man.ac.uk/~chl
Email: chl <at> clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5