Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
RFC 4642

 
Document Type: RFC - Proposed Standard (October 2006; Errata)
Last updated: 2013-03-02
Stream: IETF
IESG state: RFC 4642 (Proposed Standard)
Responsible AD: Scott Hollenbeck
Send notices to: ned.freed@mrochek.com, rra@stanford.edu
Network Working Group                                       K. Murchison
Request for Comments: 4642                    Carnegie Mellon University
Category: Standards Track                                     J. Vinocur
                                                      Cornell University
                                                               C. Newman
                                                        Sun Microsystems
                                                            October 2006

                 Using Transport Layer Security (TLS)
               with Network News Transfer Protocol (NNTP)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This memo defines an extension to the Network News Transfer Protocol
   (NNTP) that allows an NNTP client and server to use Transport Layer
   Security (TLS).  The primary goal is to provide encryption for
   single-link confidentiality purposes, but data integrity, (optional)
   certificate-based peer entity authentication, and (optional) data
   compression are also possible.

Murchison, et al.           Standards Track                     [Page 1]
RFC 4642                  Using TLS with NNTP               October 2006

Table of Contents

   1. Introduction ....................................................2
      1.1. Conventions Used in This Document ..........................3
   2. The STARTTLS Extension ..........................................3
      2.1. Advertising the STARTTLS Extension .........................3
      2.2. STARTTLS Command ...........................................4
           2.2.1. Usage ...............................................4
           2.2.2. Description .........................................4
           2.2.3. Examples ............................................6
   3. Augmented BNF Syntax for the STARTTLS Extension .................8
      3.1. Commands ...................................................8
      3.2. Capability entries .........................................8
   4. Summary of Response Codes .......................................8
   5. Security Considerations .........................................8
   6. IANA Considerations ............................................11
   7. References .....................................................12
      7.1. Normative References ......................................12
      7.2. Informative References ....................................12
   8. Acknowledgements ...............................................12

1. Introduction

   Historically, unencrypted NNTP [NNTP] connections were satisfactory
   for most purposes.  However, sending passwords unencrypted over the
   network is no longer appropriate, and sometimes integrity and/or
   confidentiality protection are desired for the entire connection.

   The TLS protocol (formerly known as SSL) provides a way to secure an
   application protocol from tampering and eavesdropping.  Although
   advanced SASL authentication mechanisms [NNTP-AUTH] can provide a
   lightweight version of this service, TLS is complementary to both
   simple authentication-only SASL mechanisms and deployed clear-text
   password login commands.

   In some existing implementations, TCP port 563 has been dedicated to
   NNTP over TLS.  These implementations begin the TLS negotiation
   immediately upon connection and then continue with the initial steps
   of an NNTP session.  This use of TLS on a separate port is
   discouraged for the reasons documented in Section 7 of "Using TLS
   with IMAP, POP3 and ACAP" [TLS-IMAPPOP].

   This specification formalizes the STARTTLS command already in
   occasional use by the installed base.  The STARTTLS command rectifies
   a number of the problems with using a separate port for a "secure"
   protocol variant; it is the preferred way of using TLS with NNTP.
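The STARTTLS path described above, shown as an added example that is not code from RFC 4642 or from any news server or client: a Python client that negotiates STARTTLS over an injectable transport, so the same logic runs against a real socket or against a scripted peer offline. The ScriptedPeer, its banner and the hostname news.example.net are constructed for this example; the response codes (101, 382, 502) and the rule that capabilities learned before the handshake are discarded and re-read afterwards come from RFC 3977 and Section 2.2 of RFC 4642, which the table of contents above lists but which is not reproduced on this page. The transport also takes an implicit_tls switch for the port-563 style the text discourages, so both deployment modes are side by side.

```python
"""Client-side NNTP STARTTLS negotiation over an injectable transport.
Added example, not code from RFC 4642 or any news implementation.  Protocol facts
used (RFC 3977; RFC 4642, Section 2.2): STARTTLS appears in CAPABILITIES, "382"
starts the handshake, then both sides discard what they learned before it, so
CAPABILITIES is re-issued and STARTTLS is no longer offered."""
import socket
import ssl

class NntpError(Exception):
    pass

class NntpTransport:
    """Real transport: a TCP connection upgraded to TLS in place (or implicit TLS)."""
    def __init__(self, host, port=119, implicit_tls=False, timeout=30):
        self.host = host
        self.sock = socket.create_connection((host, port), timeout=timeout)
        if implicit_tls:  # the discouraged port-563 style: TLS before any NNTP at all
            self.start_tls()
        else:
            self.file = self.sock.makefile("rb")
    def readline(self):
        return self.file.readline().decode("utf-8", "replace").rstrip("\r\n")
    def writeline(self, line):
        self.sock.sendall((line + "\r\n").encode("utf-8"))
    def start_tls(self):
        # The default context verifies the chain and the hostname; without that,
        # STARTTLS only defeats passive eavesdropping, not an active peer.
        ctx = ssl.create_default_context()
        self.sock = ctx.wrap_socket(self.sock, server_hostname=self.host)
        self.file = self.sock.makefile("rb")  # old buffer is empty: TLS client speaks first

class ScriptedPeer:
    """Constructed stand-in for a server so the exchange can run offline."""
    def __init__(self, advertise_starttls=True):
        self.advertise_starttls = advertise_starttls
        self.tls_active = False
        self.sent = []  # every line the client sent, in order
        self.pending = ["200 news.example.net ready (constructed banner)"]
    def readline(self):
        return self.pending.pop(0)
    def writeline(self, line):
        self.sent.append(line)
        verb = line.split(None, 1)[0].upper()
        if verb == "CAPABILITIES":
            caps = ["101 Capability list:", "VERSION 2", "READER"]
            if self.advertise_starttls and not self.tls_active:
                caps.append("STARTTLS")  # never offered once TLS is active
            self.pending += caps + ["."]
        elif verb == "STARTTLS":
            if self.tls_active or not self.advertise_starttls:
                self.pending.append("502 Command unavailable")
            else:
                self.pending.append("382 Continue with TLS negotiation")
    def start_tls(self):
        self.tls_active = True

def read_capabilities(t):
    """Return the set of capability labels from a 101 multi-line response."""
    status = t.readline()
    if not status.startswith("101"):
        raise NntpError("unexpected CAPABILITIES response: " + status)
    labels = set()
    while True:
        line = t.readline()
        if line == ".":
            return labels
        labels.add(line.split(None, 1)[0].upper())

def secure_session(t, require_tls=True):
    """Drive a fresh connection until TLS is active; return the capabilities learned
    inside TLS.  With require_tls, a peer not offering STARTTLS (or a middlebox that
    stripped the label) causes a refusal rather than a silent plaintext session."""
    greeting = t.readline()
    if greeting[:3] not in ("200", "201"):
        raise NntpError("server refused connection: " + greeting)
    t.writeline("CAPABILITIES")
    caps = read_capabilities(t)
    if "STARTTLS" not in caps:
        if require_tls:
            raise NntpError("STARTTLS not offered; refusing to continue in clear")
        return caps
    t.writeline("STARTTLS")
    reply = t.readline()
    if not reply.startswith("382"):
        raise NntpError("STARTTLS refused: " + reply)
    t.start_tls()
    t.writeline("CAPABILITIES")  # pre-handshake knowledge is discarded; ask again
    caps = read_capabilities(t)
    if "STARTTLS" in caps:
        raise NntpError("STARTTLS still advertised inside TLS")
    return caps

def refuses_plaintext(t):
    """True when secure_session() aborts rather than falling back to cleartext."""
    try:
        secure_session(t)
    except NntpError:
        return True
    return False
```

Against a live server the call is secure_session(NntpTransport("news.example.net")); against the scripted peer, secure_session(ScriptedPeer()) returns the capabilities seen inside TLS and leaves peer.sent as ["CAPABILITIES", "STARTTLS", "CAPABILITIES"]. The point a practitioner should take from it is that the STARTTLS command by itself does not prevent a downgrade: what does is the client policy of refusing to proceed when the label is absent, which is why require_tls defaults to True. ssl.create_default_context() additionally verifies the certificate chain and hostname and disables TLS-level compression, so the optional compression the abstract mentions is not negotiated here.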


1.1. Conventions Used in This Document

   The notational conventions used in this document are the same as
   those in [NNTP], and any term not defined in this document has the
   same meaning as in that one.

   The key words "REQUIRED", "MUST", "MUST NOT", "SHOULD", "SHOULD NOT",