Author StevenJ
Recipients StevenJ, ajvant, brian.curtin, chasonr, christian.heimes, giampaolo.rodola, janssen, jelie, pitrou
Date 2010-11-05.01:04:03
SpamBayes Score 2.46991e-08
Marked as misclassified No
Message-id <1288919107.48.0.763346414905.issue1926@psf.upfronthosting.co.za>
In-reply-to
Content
Hi Julien,

>> I also don't understand why START_TLS and AUTHINFO need to change
>> how the module is interfaced to (separating log in/authentication, etc)

> Because once you have used AUTHINFO, STARTTLS is no longer a valid
> command in a session.

I understand this, but doesn't this mean the init function needs to change to something like:

init:
  if capability STARTTLS is advertised 
    STARTLS stuff
    reget capabilities because STARTTLS changed them probably

  Now handle AUTHINFO Stuff

Is there a case where a server advertises STARTTLS and one would not use it?  If so then couldn't that just be handled with an option to the class inhibiting it?

This is one of the reasons why I proposed dividing the job across two features. 
1. Simple NNTPS which seems to be the most common secured NNTP in use at the moment and is easy to implement, and verify (either as an improvement to the NNTP class or as a new NNTP_SSL class). 
2. SASL AUTHINFO/STARTTLS Extension handling implementation and improvements.  

There are also other bugs with properly handling capabilities at start related to this, are there not? http://bugs.python.org/issue10287
History
Date User Action Args
2010-11-05 01:05:07StevenJsetrecipients: + StevenJ, janssen, pitrou, giampaolo.rodola, christian.heimes, chasonr, brian.curtin, ajvant, jelie
2010-11-05 01:05:07StevenJsetmessageid: <1288919107.48.0.763346414905.issue1926@psf.upfronthosting.co.za>
2010-11-05 01:04:07StevenJlinkissue1926 messages
2010-11-05 01:04:04StevenJcreate