Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
RFC 4642
| Field | Value |
|---|---|
| Document type | RFC - Proposed Standard (October 2006; Errata) |
| Updated by | RFC 8143 |
| Authors | Kenneth Murchison, Chris Newman, Jeffrey Vinocur |
| Last updated | 2015-10-14 |
| Stream | Internet Engineering Task Force (IETF) |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4642 (Proposed Standard) |
| Action holders | (None) |
| Consensus boilerplate | Unknown |
| Responsible AD | Scott Hollenbeck |
| Send notices to | (None) |
Network Working Group
Request for Comments: 4642
Category: Standards Track
K. Murchison, Carnegie Mellon University
J. Vinocur, Cornell University
C. Newman, Sun Microsystems
October 2006

Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

This memo defines an extension to the Network News Transfer Protocol (NNTP) that allows an NNTP client and server to use Transport Layer Security (TLS). The primary goal is to provide encryption for single-link confidentiality purposes, but data integrity, (optional) certificate-based peer entity authentication, and (optional) data compression are also possible.

Murchison, et al. Standards Track [Page 1]

Table of Contents

1. Introduction
   1.1. Conventions Used in This Document
2. The STARTTLS Extension
   2.1. Advertising the STARTTLS Extension
   2.2. STARTTLS Command
        2.2.1. Usage
        2.2.2. Description
        2.2.3. Examples
3. Augmented BNF Syntax for the STARTTLS Extension
   3.1. Commands
   3.2. Capability Entries
4. Summary of Response Codes
5. Security Considerations
6. IANA Considerations
7. References
   7.1. Normative References
   7.2. Informative References
8. Acknowledgements

1. Introduction

Historically, unencrypted NNTP [NNTP] connections were satisfactory for most purposes. However, sending passwords unencrypted over the network is no longer appropriate, and sometimes integrity and/or confidentiality protection are desired for the entire connection.

The TLS protocol (formerly known as SSL) provides a way to secure an application protocol from tampering and eavesdropping. Although advanced SASL authentication mechanisms [NNTP-AUTH] can provide a lightweight version of this service, TLS is complementary to both simple authentication-only SASL mechanisms and deployed clear-text password login commands.

In some existing implementations, TCP port 563 has been dedicated to NNTP over TLS. These implementations begin the TLS negotiation immediately upon connection and then continue with the initial steps of an NNTP session. This use of TLS on a separate port is discouraged for the reasons documented in Section 7 of "Using TLS with IMAP, POP3 and ACAP" [TLS-IMAPPOP].

This specification formalizes the STARTTLS command already in occasional use by the installed base. The STARTTLS command rectifies a number of the problems with using a separate port for a "secure" protocol variant; it is the preferred way of using TLS with NNTP.

1.1. Conventions Used in This Document

The notational conventions used in this document are the same as those in [NNTP], and any term not defined in this document has the same meaning as in that one.

The key words "REQUIRED", "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", "MAY", and "OPTIONAL" in this document are to be interpreted as described in "Key words for use in RFCs to Indicate Requirement Levels" [KEYWORDS].

In the examples, commands from the client are indicated with [C], and responses from the server are indicated with [S].
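The client side of the STARTTLS flow this memo introduces, as an added example written for this page (not code from the RFC or from any NNTP implementation): the client confirms that the CAPABILITIES list advertises STARTTLS, accepts only the 382 response the RFC defines for the command, and only then wraps the socket with certificate and hostname verification. `ScriptedSocket`, `GOOD_SERVER` and the host name in it are constructed for offline use.

```python
import ssl

class LineChannel:  # CRLF line framing over any object with recv() and sendall()
    def __init__(self, sock):
        self.sock, self.buf = sock, b""
    def readline(self):
        while b"\r\n" not in self.buf:
            chunk = self.sock.recv(4096)
            if not chunk:
                raise ConnectionError("peer closed the connection")
            self.buf += chunk
        line, _, self.buf = self.buf.partition(b"\r\n")
        return line.decode("utf-8", "replace")
    def command(self, line):
        self.sock.sendall((line + "\r\n").encode())
        return self.readline()
    def multiline(self):  # dot-terminated block, dot-stuffing undone
        lines = []
        while (line := self.readline()) != ".":
            lines.append(line[1:] if line.startswith("..") else line)
        return lines

def negotiate_starttls(chan):  # client side of STARTTLS, up to the TLS handshake
    if chan.readline()[:3] not in ("200", "201"):
        raise RuntimeError("unexpected NNTP greeting")
    caps = chan.multiline() if chan.command("CAPABILITIES").startswith("101") else []
    if not any(c.upper() == "STARTTLS" for c in caps):
        raise RuntimeError("STARTTLS not advertised; refusing clear-text session")
    reply = chan.command("STARTTLS")
    if not reply.startswith("382"):  # 382 = continue with TLS negotiation
        raise RuntimeError("STARTTLS refused: " + reply)
    if chan.buf:  # clear-text bytes arriving after the 382 line are untrusted
        raise RuntimeError("unexpected clear-text data after 382")
    return caps

def secure_session(sock, hostname):  # upgrade a connected NNTP socket to TLS
    negotiate_starttls(LineChannel(sock))
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    tls = ctx.wrap_socket(sock, server_hostname=hostname)
    return LineChannel(tls)  # caller must re-issue CAPABILITIES over TLS

class ScriptedSocket:  # constructed fake server for offline demonstration only
    def __init__(self, replies): self.replies, self.sent = list(replies), []
    def recv(self, n): return self.replies.pop(0) if self.replies else b""
    def sendall(self, data): self.sent.append(data)

GOOD_SERVER = [b"200 news.example.test ready\r\n",  # constructed sample replies
               b"101 Capability list:\r\nVERSION 2\r\nSTARTTLS\r\nREADER\r\n.\r\n",
               b"382 Continue with TLS negotiation\r\n"]
```

Against a live server, `secure_session(socket.create_connection((host, 119)), host)` returns a channel whose subsequent commands travel inside TLS; anything learned from the clear-text CAPABILITIES reply must be re-queried after the handshake.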