Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.toronto.edu!ietf-nntp-distribution-owner
Message-ID: <9106061613.AA12033@funet.fi>
Original-To: Eliot <lear@turbo.bio.net>
Original-Cc: ietf-nntp@turbo.bio.net
Subject: Re: a new nntp draft
References: Your message of Tue, 04 Jun 91 13:42:47 -0700. <scGzh726f095BarU9t@turbo.bio.net>
Date: Thu, 6 Jun 1991 12:13:26 -0400
From: Harri.Salminen@funet.fi (Harri K Salminen)
Newsgroups: list.ietf-nntp
Distribution: list
Sender: list-admin@cs.toronto.edu
Approved: list.ietf-nntp@mail.cs.toronto.edu
Lines:       17

Your message dated: Tue, 04 Jun 91 13:42:47 PDT

> - What form of access control / authentication mechanism should we include?

My colleague Pekka Kyt|laakso who's just about to join this list
brought just to my attention the version 5 of Kerberos which
is currently in beta test. It seems that it doesn't have anymore
licensing problems since you can ad whatever encryption libraries you
want (and we do have European public DES implementations on the Eurpean
Internet). In addition it seems to support now large interdomain
connectivity and multiple addressing (in case you wanted to run NNTP
over decnet or OSI) etc. There should be more info at the MIT Athena
archive (or nic.funet.fi). So as standard methods we could have
password/userid authentication mode and Kerberos at least. Maybe a separate
command to select some other than standard DES encryption too.

Harri