[issue1926] NNTPS support in nntplib

2010-11-03 Thread StevenJ

StevenJ  added the comment:

I too was just looking at NNTPS support because I have a need for it. The 
latest patch looks like great work and I think the things it implements are 
needed for this library.  But it seems to me that the latest patch combines 3 
things which might otherwise be able to be separately considered. NNTPS, 
START_TLS (RFC 4642) extension and AUTHINFO extension (RFC 4643).  It may be 
that START_TLS and AUTHINFO are indivisible, I need to read those more, but 
shouldn't that be a new topic of discussion as this feature request is for 
NNTPS support?

I also don't understand the difficulty with plain NNTPS as it doesn't need a 
new interface a very simple patch (attached) achieves NNTPS?? (Most of the 
patch is test case and variant defaults.  The actual NNTPS code is just:
+# Make sure we can actually use ssl if its attempted.
+if ssl_context:
+  self.sslcontext = ssl_context
+  self.sock = self.sslcontext.wrap_socket(self.sock)


I also don't understand why START_TLS and AUTHINFO need to change how the 
module is interfaced to (separating log in/authentication, etc), my reading of 
START_TLS and AUTHINFO seem to me that it should all be under the covers.  It 
even explains this in Section 7 of "Using TLS
with IMAP, POP3 and ACAP" [TLS-IMAPPOP].  That the idea is "It just works".  So 
surely if someone uses this module and they do not specify NNTPS and it 
supports START_TLS and AUTHINFO and so does the server then it just works.  
Otherwise it seems a bunch of NNTP Extension requirements and processing spills 
over to the users of this module when they can probably be contained locally??

Perhaps there needs to be a separate feature request "START_TLS and AUTHINFO 
extension support for nntplib" so the issues and any necessary interface 
changes can be considered in isolation from simple NNTP over SSL?

I think it would be nice to have NNTPS in for 3.2.

--
nosy: +StevenJ
Added file: http://bugs.python.org/file19485/nntps_only_patch.diff

___
Python tracker 
<http://bugs.python.org/issue1926>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue1926] NNTPS support in nntplib

2010-11-04 Thread StevenJ

StevenJ  added the comment:

Hi Julien,

>> I also don't understand why START_TLS and AUTHINFO need to change
>> how the module is interfaced to (separating log in/authentication, etc)

> Because once you have used AUTHINFO, STARTTLS is no longer a valid
> command in a session.

I understand this, but doesn't this mean the init function needs to change to 
something like:

init:
  if capability STARTTLS is advertised 
STARTLS stuff
reget capabilities because STARTTLS changed them probably

  Now handle AUTHINFO Stuff

Is there a case where a server advertises STARTTLS and one would not use it?  
If so then couldn't that just be handled with an option to the class inhibiting 
it?

This is one of the reasons why I proposed dividing the job across two features. 
1. Simple NNTPS which seems to be the most common secured NNTP in use at the 
moment and is easy to implement, and verify (either as an improvement to the 
NNTP class or as a new NNTP_SSL class). 
2. SASL AUTHINFO/STARTTLS Extension handling implementation and improvements.  

There are also other bugs with properly handling capabilities at start related 
to this, are there not? http://bugs.python.org/issue10287

--

___
Python tracker 
<http://bugs.python.org/issue1926>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue1926] NNTPS support in nntplib

2010-11-06 Thread StevenJ

StevenJ  added the comment:

The only comment I have is, if the caller needs to organise when to auth and 
instigate tls then for completeness getcapabilities() should have an option to 
force a reget of the current capabilities, in line with rfc3977 5.2.2:

> An NNTP client MAY cache the results of this command, but MUST NOT 
> rely on the correctness of any cached results, whether from earlier
> in this session or from a previous session, MUST cope gracefully 
> with the cached status being out of date, and SHOULD (if caching
> results) provide a way to force the cached information to be
> refreshed.

As it stands, the nntplib can cause the cached capabilities to be refreshed at 
certain points automatically (as it should), but I 
think it should be possible for the caller of the method to also specify that 
fresh capabilities are required and not cached ones.

something like this perhaps? :

mynntp.getcapabilites(refresh=True)

--

___
Python tracker 
<http://bugs.python.org/issue1926>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com