On Sep 02, 2015, at 11:20, Julien ÉLIE <jul...@trigofacile.com> wrote:
> Hi Rich,
>
>>> Maybe a new RFC obsoleting RFC 4642 (which could at the same time
>>> become a standard instead of a proposed standard)?
>>
>> Is there any reason why NNTP cannot just use the UTA specifications?
>
> When you speak about the UTA specifications, is it RFC 7525 "Recommendations
> for Secure Use of Transport Layer Security and Datagram Transport Layer
> Security"?
> I do not see any other document published by the UTA WG that could otherwise
> apply.
>
> Yet, NNTP still needs an RFC to specify the use of TLS because two specific
> NNTP response codes are defined for the STARTTLS command:
>
>   382 Continue with TLS negotiation
>   580 Can not initiate TLS negotiation
>
> and the STARTTLS capability has to be standardized in response to the
> CAPABILITIES command -- which is a new command that did not exist when you
> wrote INN :-)
>
>
> Maybe I misunderstood your remark about the UTA specification, though.

Julien,

I guess I’m not following why we need a new NNTP draft either. If you’re looking for something that specifically updates the NNTP MTI cipher suites, then there isn’t such an RFC. But, RFC 7525 (aka BCP 195) points to RFC 7465 that prohibits RC4 (for all versions of TLS), so if an NNTP implementer is faithfully implementing TLS and related RFCs then they’ll end up supporting TLS 1.2 with one of the cipher suites in s4.2 of RFC 7525.

If you really, really want to have something that updates RFC 4642 (likely referring to BCP 195), then there’s nothing stopping you from writing that draft. If you get no nibbles on said draft from the ietf-nntp list I’d try UTA (http://datatracker.ietf.org/wg/uta/charter/). Note that said draft is out-of-scope for the TLS WG.

spt