Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
RFC 4642

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    nntpext mailing list <ietf-nntp@lists.eyrie.org>, 
    nntpext chair <nntpext-chairs@tools.ietf.org>
Subject: Protocol Action: 'NNTP Extension for Authentication' to 
         Proposed Standard 

The IESG has approved the following documents:

- 'Using TLS with NNTP'
   <draft-ietf-nntpext-tls-nntp-10.txt> as a Proposed Standard
- 'NNTP Extension for Authentication'
   <draft-ietf-nntpext-authinfo-11.txt> as a Proposed Standard

These documents are products of the NNTP Extensions Working Group. 

The IESG contact persons are Scott Hollenbeck and Lisa Dusseault.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-nntpext-authinfo-11.txt

Technical Summary

The TLS extension document defines an extension to the Network News
Transport Protocol (NNTP) to provide connection-based security (via
Transport Layer Security). The primary goal is to provide encryption
for single-link confidentiality purposes, but data integrity, (optional)
certificate-based peer entity authentication, and (optional) data
compression are also possible.

The authinfo extension document defines an extension to NNTP which
allows a client to indicate an authentication mechanism to the server,
perform an authentication protocol exchange, and optionally negotiate
a security layer for subsequent protocol interactions during the
remainder of an NNTP session.

The authinfo document also updates and formalizes the AUTHINFO USER/PASS
authentication method specified in RFC 2980 and deprecates the AUTHINFO
SIMPLE and AUTHINFO GENERIC authentication methods.  Additionally, this
document defines a profile of the Simple Authentication and Security
Layer (SASL) for NNTP.
 
Working Group Summary
 
Both the AUTHINFO and TLS drafts were written based on the standard SASL
and STARTTLS specifications for other protocols.  The working group then
hammered out reasonable status codes, interaction with other portions of
the NNTP protocol, and the documentation of the legacy AUTHINFO USER
command.  Both documents are believed to be generic and straightforward
implementations of the standard SASL and STARTTLS protocols, copying where
possible what was done for POP, IMAP, and SMTP.

The NNTPEXT WG achieved consensus on both documents.
 
Protocol Quality
 
Scott Hollenbeck has reviewed these specifications for the IESG.

The TLS protocol has been implemented in the Cyrus IMAP server and will be
implemented in INN.

The AUTHINFO USER/PASS authentication method specified here was
previously defined less formally in RFC 2980 and is in widespread,
interoperable use by existing NNTP implementations.  AUTHINFO SASL has
been implemented for INN and the Cyrus IMAP server.