- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 10 Nov 2006 11:03:56 -0800
- To: Frank Ellermann <nobody@xyzzy.claranet.de>
- Cc: uri-review@ietf.org, uri@w3.org
The entire definition seems wrong to me. Traditionally, all of the "s" schemes mean that a secure connection must be used to access the resource. The notion of secure-before-access is a common pattern that applies regardless of STARTTLS support -- it says that some form of secure connection is required with the access. In other words, the definition should be that snews indicates a requirement that either RFC4642-style STARTTLS must be negotiated with the server or that a TLS connection should be initiated first. One way to deploy such a change is to say that if the port is empty or 563, then initiate TLS first; otherwise, do RFC4642. In any case, snews is not a historical scheme. It is still necessary to inform the client of the need for STARTTLS *before* they start sending requests via NNTP. ....Roy
Received on Friday, 10 November 2006 19:03:34 UTC