W3C home > Mailing lists > Public > uri@w3.org > November 2006

Re: [Uri-review] snews 4395-review

From: Roy T. Fielding <fielding@gbiv.com>
Date: Fri, 10 Nov 2006 11:03:56 -0800
Message-Id: <A6F4C522-D97C-46E1-A9E1-114EAE2AA876@gbiv.com>
Cc: uri-review@ietf.org, uri@w3.org
To: Frank Ellermann <nobody@xyzzy.claranet.de>

The entire definition seems wrong to me.  Traditionally, all of the
"s" schemes mean that a secure connection must be used to access
the resource.  The notion of secure-before-access is a common pattern
that applies regardless of STARTTLS support -- it says that some
form of secure connection is required with the access.

In other words, the definition should be that snews indicates
a requirement that either RFC4642-style STARTTLS must be negotiated
with the server or that a TLS connection should be initiated first.
One way to deploy such a change is to say that if the port is
empty or 563, then initiate TLS first; otherwise, do RFC4642.

In any case, snews is not a historical scheme.  It is still
necessary to inform the client of the need for STARTTLS *before*
they start sending requests via NNTP.

Received on Friday, 10 November 2006 19:03:34 UTC

This archive was generated by hypermail 2.4.0 : Sunday, 10 October 2021 22:17:49 UTC