Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: Internet Architecture Board <firstname.lastname@example.org>,
    RFC Editor <email@example.com>,
    nntpext mailing list <firstname.lastname@example.org>,
    nntpext chair <email@example.com>
Subject: Protocol Action: 'NNTP Extension for Authentication' to Proposed Standard

The IESG has approved the following documents:

- 'Using TLS with NNTP' <draft-ietf-nntpext-tls-nntp-10.txt> as a Proposed Standard
- 'NNTP Extension for Authentication' <draft-ietf-nntpext-authinfo-11.txt> as a Proposed Standard

These documents are products of the NNTP Extensions Working Group.

The IESG contact persons are Scott Hollenbeck and Lisa Dusseault.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-nntpext-authinfo-11.txt
Technical Summary

The TLS extension document defines an extension to the Network News Transport Protocol (NNTP) to provide connection-based security (via Transport Layer Security). The primary goal is to provide encryption for single-link confidentiality purposes, but data integrity, (optional) certificate-based peer entity authentication, and (optional) data compression are also possible.

The authinfo extension document defines an extension to NNTP which allows a client to indicate an authentication mechanism to the server, perform an authentication protocol exchange, and optionally negotiate a security layer for subsequent protocol interactions during the remainder of an NNTP session. The authinfo document also updates and formalizes the AUTHINFO USER/PASS authentication method specified in RFC 2980 and deprecates the AUTHINFO SIMPLE and AUTHINFO GENERIC authentication methods. Additionally, this document defines a profile of the Simple Authentication and Security Layer (SASL) for NNTP.

Working Group Summary

Both the AUTHINFO and TLS drafts were written based on the standard SASL and STARTTLS specifications for other protocols. The working group then hammered out reasonable status codes, interaction with other portions of the NNTP protocol, and the documentation of the legacy AUTHINFO USER command. Both documents are believed to be generic and straightforward implementations of the standard SASL and STARTTLS protocols, copying where possible what was done for POP, IMAP, and SMTP. The NNTPEXT WG achieved consensus on both documents.

Protocol Quality

Scott Hollenbeck has reviewed these specifications for the IESG. The TLS protocol has been implemented in the Cyrus IMAP server and will be implemented in INN. The AUTHINFO USER/PASS authentication method specified here was previously defined less formally in RFC 2980 and is in widespread, interoperable use by existing NNTP implementations. AUTHINFO SASL has been implemented for INN and the Cyrus IMAP server.
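Added illustration, not part of the IESG announcement or of either draft: a client-side check that the TLS extension is negotiated before AUTHINFO USER/PASS credentials are sent, so the password only travels on the encrypted link. The response codes (101, 382, 502, 381, 281) are the ones the NNTP extensions use; `ScriptedServer`, `login`, `capabilities`, `PolicyError` and the credentials are constructed for this example.

```python
class PolicyError(Exception):
    """Continuing would put credentials on a link without TLS."""

class ScriptedServer:
    """Constructed stand-in for an NNTP server (sample data, not a real peer)."""
    def __init__(self, offer_starttls=True):
        self.offer_starttls, self.tls, self.log = offer_starttls, False, []
    def __call__(self, cmd):
        words = cmd.upper().split()
        self.log.append((words[0], self.tls))  # (verb, was TLS active when sent?)
        if words[0] == "CAPABILITIES":
            caps = ["VERSION 2", "READER"]
            if self.tls:
                caps.append("AUTHINFO USER")  # offered only once TLS is active
            elif self.offer_starttls:
                caps.append("STARTTLS")
            return 101, caps
        if words[0] == "STARTTLS":
            if not self.offer_starttls:
                return 502, []
            self.tls = True
            return 382, []
        if words[:2] == ["AUTHINFO", "USER"]:
            return 381, []
        if words[:2] == ["AUTHINFO", "PASS"]:
            return 281, []
        return 500, []

def capabilities(send):
    """Send CAPABILITIES; return the set of advertised capability labels."""
    code, lines = send("CAPABILITIES")
    if code != 101:
        raise PolicyError(f"no capability list ({code})")
    return {line.split()[0].upper() for line in lines if line.strip()}

def login(send, user, password):
    """AUTHINFO USER/PASS, but only after STARTTLS has been accepted."""
    if "STARTTLS" not in capabilities(send):
        raise PolicyError("STARTTLS not offered; not sending AUTHINFO in cleartext")
    code, _ = send("STARTTLS")
    if code != 382:
        raise PolicyError(f"STARTTLS refused ({code})")
    # A real client runs the TLS handshake and certificate check at this point.
    if "AUTHINFO" not in capabilities(send):  # pre-TLS list is not reused
        raise PolicyError("AUTHINFO not offered inside TLS")
    code, _ = send(f"AUTHINFO USER {user}")
    if code == 381:
        code, _ = send(f"AUTHINFO PASS {password}")
    return code == 281
```

The scripted server would accept AUTHINFO on the cleartext link too, so the ordering is enforced by the client alone.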