Hi Viktor,
> It would be best if NNTP did not specify MTI TLS ciphersuites and left that to the relevant TLS specifications. Instead, it would be more useful to specify a minimum TLS protocol version, and require each side to support the MTI ciphers for each supported protocol version.

OK thanks, that seems wise.

> It seems that 4642 is rather muddy on whether TLS in NNTP is opportunistic or not. On the one hand it requires server authentication, which seems to be mitigation of active attacks via mandatory TLS, and on the other it talks about clients possibly continuing despite absence of STARTTLS capability or STARTTLS failure. If an update is published, it should resolve the opportunistic vs. mandatory TLS confusion, possibly by describing two separate modes of operation.

Noted, thanks.

> AFAIK, NNTP peering relationships are fairly static, and mandatory TLS seems like the way to go in that case. But if NNTP servers contact other servers "on the fly", then opportunistic TLS may be appropriate and one might even consider DANE to harden that.

You're right that NNTP peering is fairly static. However, TLS is rarely used for NNTP peering between two servers. TLS is more widespread for the connection of a news client to a news server so as to read or post articles.
-- 
Julien ÉLIE

"You know, ideas are in the air. All it takes is for someone to talk to you about them from a little too close, and you catch them!" (Raymond Devos)

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
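The two modes of operation Viktor asks for, worked through as an added example for this thread (it is not code from RFC 4642, from the TLS list, or from any news client). The response codes follow RFC 4642 (382 means continue with TLS negotiation; a 4xx/5xx reply means STARTTLS was refused); the mode names, the abstract transport interface, the hostname news.example.net and the scripted server replies are assumptions made for the illustration. The minimum protocol version is pinned in the SSLContext and the MTI cipher suites are left to the TLS library, which is the division of labour suggested in the quoted message.

```python
"""NNTP STARTTLS client with explicit opportunistic / mandatory modes.

Added example, not code from RFC 4642 or any news client. Response codes are
RFC 4642's; mode names, the IO interface and the canned server lines are
assumptions for the illustration.
"""
import ssl
from enum import Enum


class TlsMode(Enum):
    MANDATORY = "mandatory"          # static peer/configured server: never fall back
    OPPORTUNISTIC = "opportunistic"  # server contacted on the fly: encrypt if offered


def make_context(mode, min_version=ssl.TLSVersion.TLSv1_2):
    """Client SSLContext for a mode: minimum version pinned, ciphers left to the library."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = min_version
    if mode is TlsMode.MANDATORY:
        # Server authentication (required by RFC 4642) is what defeats an active attacker.
        ctx.check_hostname = True
        ctx.verify_mode = ssl.CERT_REQUIRED
    else:
        # Unauthenticated opportunistic TLS: defeats passive eavesdropping only.
        # Authenticating this via DANE (TLSA lookup, not shown) would be the hardening step.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def negotiate(mode, io, ctx, server_hostname):
    """Drive CAPABILITIES + STARTTLS over a transport offering readline(), write()
    and starttls(ctx, hostname). Returns "tls", "clear" (unencrypted) or "abort"."""
    io.write("CAPABILITIES\r\n")
    caps = set()
    if io.readline().startswith("101"):
        while True:
            line = io.readline().rstrip("\r\n")
            if line in (".", ""):
                break
            caps.add(line.split()[0].upper())  # "LIST ACTIVE" -> "LIST"
    if "STARTTLS" not in caps:
        return "abort" if mode is TlsMode.MANDATORY else "clear"
    io.write("STARTTLS\r\n")
    if not io.readline().startswith("382"):
        # 502 (unavailable / already active) or 580 (cannot initiate): local
        # policy decides, which is exactly where the two modes differ.
        return "abort" if mode is TlsMode.MANDATORY else "clear"
    try:
        io.starttls(ctx, server_hostname)
    except ssl.SSLError:
        # After 382 both sides expect TLS records; the connection is unusable
        # for cleartext, so a failed handshake ends it in either mode.
        return "abort"
    return "tls"


class ScriptedIO:
    """Constructed stand-in for a socket replaying canned server lines
    (illustrative text, not captured from a real server)."""

    def __init__(self, server_lines, handshake_ok=True):
        self._lines = list(server_lines)
        self._handshake_ok = handshake_ok
        self.sent = []
        self.tls_active = False

    def write(self, data):
        self.sent.append(data)

    def readline(self):
        return self._lines.pop(0) if self._lines else ""

    def starttls(self, ctx, server_hostname):
        if not self._handshake_ok:
            raise ssl.SSLError("handshake failed")
        self.tls_active = True


CAPS = ["101 Capability list:\r\n", "VERSION 2\r\n", "READER\r\n"]
SERVER_WITH_STARTTLS = CAPS + ["STARTTLS\r\n", ".\r\n", "382 Continue with TLS negotiation\r\n"]
SERVER_WITHOUT_STARTTLS = CAPS + [".\r\n"]
SERVER_REFUSING = CAPS + ["STARTTLS\r\n", ".\r\n", "580 Can not initiate TLS negotiation\r\n"]


def run_scenarios():
    """Outcome per (mode, scenario) for the scripted servers above."""
    servers = {"offered": SERVER_WITH_STARTTLS, "absent": SERVER_WITHOUT_STARTTLS,
               "refused": SERVER_REFUSING}
    results = {}
    for mode in TlsMode:
        ctx = make_context(mode)
        for name, lines in servers.items():
            results[(mode.value, name)] = negotiate(mode, ScriptedIO(lines), ctx, "news.example.net")
        results[(mode.value, "handshake-fails")] = negotiate(
            mode, ScriptedIO(SERVER_WITH_STARTTLS, handshake_ok=False), ctx, "news.example.net")
    return results


if __name__ == "__main__":
    for (mode, scenario), outcome in run_scenarios().items():
        print(f"{mode:<13} {scenario:<15} -> {outcome}")
```

The table `run_scenarios()` prints is the whole point: the two modes agree when STARTTLS is offered and the handshake succeeds, and they agree that a broken handshake after 382 ends the session, but they diverge on the two cases Viktor flags (capability absent, STARTTLS refused), which is where a revised RFC 4642 would have to say which behaviour applies.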