Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!ucsd!brian
From: brian@ucsd.EDU (Brian Kantor)
Newsgroups: news.software.nntp
Subject: Re: NNTP authentication
Message-ID: <1694@ucsd.EDU>
Date: 4 May 89 06:53:41 GMT
References: <13084@paris.ics.uci.edu> <11637@s.ms.uky.edu>
Reply-To: brian@ucsd.edu (Brian Kantor)
Organization: The Avant-Garde of the Now, Ltd.
Lines: 16

I think Phil, Erik, and I are in agreement that any authentication of
readers or posters is not possible in NNTP using the current spec.

My feeling is that such is just a specific case of the general problem
of authentication on networks; something like Kerberos seems to be
the right approach and might well be something we should add to a
revised NNTP spec.  

User and time-of-day as well as other access controls aren't really the
province of the Network News TRANSPORT Protocol spec, but it's clear
that we should have some provision to accomodate them, if only by having
some way to pass security transactions around as part of the nntp
session.

I've being vague intentionally.
	- Brian