Julien ÉLIE <jul...@trigofacile.com> added the comment: > More significant than my own potentially newbie-ish > opinion is that the RFC suggests as a valid use case > the idea of a client starting up TLS or authentication > in reaction to a 483 command response, rather than right > off the bat.
Yes. (Currently, it would only be TLS with nntplib, because SASL mechanisms which negotiate an encryption layer are not implemented yet in nntplib. But in case someone wishes to test, I have the following capabilities on my news server, news.trigofacile.com : AUTHINFO USER SASL SASL GSSAPI OTP PLAIN NTLM LOGIN DIGEST-MD5 CRAM-MD5 STARTTLS ) > I'm pretty sure this is impossible under the current setup, > where login/encryption happens only at initialization and > there's no method exposed to do it later. Absolutely. > I've been maintaining the readermode_afterauth thing [...] > it smelled bad from the start to me. Yep. According to RFC 4643: Additionally, the client MUST NOT issue a MODE READER command after authentication, and a server MUST NOT advertise the MODE-READER capability. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue1926> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
