Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
RFC 4642
| Document | Type |
RFC - Proposed Standard
(October 2006; Errata)
Updated by RFC 8143
|
|
|---|---|---|---|
| Authors | Kenneth Murchison , Chris Newman , Jeffrey Vinocur | ||
| Last updated | 2015-10-14 | ||
| Stream | Internent Engineering Task Force (IETF) | ||
| Formats | plain text html pdf htmlized (tools) htmlized bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4642 (Proposed Standard) | |
| Action Holders |
(None)
|
||
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Scott Hollenbeck | ||
| Send notices to | (None) | ||
Network Working Group K. Murchison
Request for Comments: 4642 Carnegie Mellon University
Category: Standards Track J. Vinocur
Cornell University
C. Newman
Sun Microsystems
October 2006
Using Transport Layer Security (TLS)
with Network News Transfer Protocol (NNTP)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This memo defines an extension to the Network News Transfer Protocol
(NNTP) that allows an NNTP client and server to use Transport Layer
Security (TLS). The primary goal is to provide encryption for
single-link confidentiality purposes, but data integrity, (optional)
certificate-based peer entity authentication, and (optional) data
compression are also possible.
Murchison, et al. Standards Track [Page 1]
RFC 4642 Using TLS with NNTP October 2006
Table of Contents
1. Introduction ....................................................2
1.1. Conventions Used in This Document ..........................3
2. The STARTTLS Extension ..........................................3
2.1. Advertising the STARTTLS Extension .........................3
2.2. STARTTLS Command ...........................................4
2.2.1. Usage ...............................................4
2.2.2. Description .........................................4
2.2.3. Examples ............................................6
3. Augmented BNF Syntax for the STARTTLS Extension .................8
3.1. Commands ...................................................8
3.2. Capability entries .........................................8
4. Summary of Response Codes .......................................8
5. Security Considerations .........................................8
6. IANA Considerations ............................................11
7. References .....................................................12
7.1. Normative References ......................................12
7.2. Informative References ....................................12
8. Acknowledgements ...............................................12
1. Introduction
Historically, unencrypted NNTP [NNTP] connections were satisfactory
for most purposes. However, sending passwords unencrypted over the
network is no longer appropriate, and sometimes integrity and/or
confidentiality protection are desired for the entire connection.
The TLS protocol (formerly known as SSL) provides a way to secure an
application protocol from tampering and eavesdropping. Although
advanced SASL authentication mechanisms [NNTP-AUTH] can provide a
lightweight version of this service, TLS is complimentary to both
simple authentication-only SASL mechanisms and deployed clear-text
password login commands.
In some existing implementations, TCP port 563 has been dedicated to
NNTP over TLS. These implementations begin the TLS negotiation
immediately upon connection and then continue with the initial steps
of an NNTP session. This use of TLS on a separate port is
discouraged for the reasons documented in Section 7 of "Using TLS
with IMAP, POP3 and ACAP" [TLS-IMAPPOP].
This specification formalizes the STARTTLS command already in
occasional use by the installed base. The STARTTLS command rectifies
a number of the problems with using a separate port for a "secure"
protocol variant; it is the preferred way of using TLS with NNTP.
Murchison, et al. Standards Track [Page 2]
RFC 4642 Using TLS with NNTP October 2006
1.1. Conventions Used in This Document
The notational conventions used in this document are the same as
those in [NNTP], and any term not defined in this document has the
same meaning as in that one.
The key words "REQUIRED", "MUST", "MUST NOT", "SHOULD", "SHOULD NOT",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in "Key words for use in RFCs to Indicate Requirement
Levels" [KEYWORDS].
In the examples, commands from the client are indicated with [C], and
responses from the server are indicated with [S].
Show full document text