Network Working Group K. Murchison Request for Comments: 4642 Carnegie Mellon University Category: Standards Track J. Vinocur Cornell University C. Newman Sun Microsystems October 2006
Network Working Group K. Murchison Request for Comments: 4642 Carnegie Mellon University Category: Standards Track J. Vinocur Cornell University C. Newman Sun Microsystems October 2006
Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
将传输层安全(TLS)与网络新闻传输协议(NNTP)结合使用
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
Abstract
摘要
This memo defines an extension to the Network News Transfer Protocol (NNTP) that allows an NNTP client and server to use Transport Layer Security (TLS). The primary goal is to provide encryption for single-link confidentiality purposes, but data integrity, (optional) certificate-based peer entity authentication, and (optional) data compression are also possible.
此备忘录定义了网络新闻传输协议(NNTP)的扩展,允许NNTP客户端和服务器使用传输层安全性(TLS)。主要目标是为单链路保密目的提供加密,但数据完整性、(可选)基于证书的对等实体身份验证和(可选)数据压缩也是可能的。
Table of Contents
目录
1. Introduction ....................................................2 1.1. Conventions Used in This Document ..........................3 2. The STARTTLS Extension ..........................................3 2.1. Advertising the STARTTLS Extension .........................3 2.2. STARTTLS Command ...........................................4 2.2.1. Usage ...............................................4 2.2.2. Description .........................................4 2.2.3. Examples ............................................6 3. Augmented BNF Syntax for the STARTTLS Extension .................8 3.1. Commands ...................................................8 3.2. Capability entries .........................................8 4. Summary of Response Codes .......................................8 5. Security Considerations .........................................8 6. IANA Considerations ............................................11 7. References .....................................................12 7.1. Normative References ......................................12 7.2. Informative References ....................................12 8. Acknowledgements ...............................................12
1. Introduction ....................................................2 1.1. Conventions Used in This Document ..........................3 2. The STARTTLS Extension ..........................................3 2.1. Advertising the STARTTLS Extension .........................3 2.2. STARTTLS Command ...........................................4 2.2.1. Usage ...............................................4 2.2.2. Description .........................................4 2.2.3. Examples ............................................6 3. Augmented BNF Syntax for the STARTTLS Extension .................8 3.1. Commands ...................................................8 3.2. Capability entries .........................................8 4. Summary of Response Codes .......................................8 5. Security Considerations .........................................8 6. IANA Considerations ............................................11 7. References .....................................................12 7.1. Normative References ......................................12 7.2. Informative References ....................................12 8. Acknowledgements ...............................................12
Historically, unencrypted NNTP [NNTP] connections were satisfactory for most purposes. However, sending passwords unencrypted over the network is no longer appropriate, and sometimes integrity and/or confidentiality protection are desired for the entire connection.
历史上,未加密的NNTP[NNTP]连接在大多数情况下都是令人满意的。但是,通过网络发送未加密的密码不再合适,有时需要为整个连接提供完整性和/或机密性保护。
The TLS protocol (formerly known as SSL) provides a way to secure an application protocol from tampering and eavesdropping. Although advanced SASL authentication mechanisms [NNTP-AUTH] can provide a lightweight version of this service, TLS is complimentary to both simple authentication-only SASL mechanisms and deployed clear-text password login commands.
TLS协议(以前称为SSL)提供了一种保护应用程序协议免受篡改和窃听的方法。尽管高级SASL身份验证机制[NNTP-AUTH]可以提供此服务的轻量级版本,但TLS是对仅限身份验证的SASL机制和已部署的明文密码登录命令的补充。
In some existing implementations, TCP port 563 has been dedicated to NNTP over TLS. These implementations begin the TLS negotiation immediately upon connection and then continue with the initial steps of an NNTP session. This use of TLS on a separate port is discouraged for the reasons documented in Section 7 of "Using TLS with IMAP, POP3 and ACAP" [TLS-IMAPPOP].
在一些现有实现中,TCP端口563专用于TLS上的NNTP。这些实现在连接后立即开始TLS协商,然后继续NNTP会话的初始步骤。由于“将TLS与IMAP、POP3和ACAP一起使用”[TLS-IMAPPOP]第7节中记录的原因,不鼓励在单独端口上使用TLS。
This specification formalizes the STARTTLS command already in occasional use by the installed base. The STARTTLS command rectifies a number of the problems with using a separate port for a "secure" protocol variant; it is the preferred way of using TLS with NNTP.
本规范正式规定了已安装用户偶尔使用的STARTTLS命令。STARTTLS命令纠正了为“安全”协议变体使用单独端口的许多问题;这是将TLS与NNTP一起使用的首选方法。
The notational conventions used in this document are the same as those in [NNTP], and any term not defined in this document has the same meaning as in that one.
本文件中使用的符号约定与[NNTP]中的符号约定相同,本文件中未定义的任何术语具有与该文件中相同的含义。
The key words "REQUIRED", "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", "MAY", and "OPTIONAL" in this document are to be interpreted as described in "Key words for use in RFCs to Indicate Requirement Levels" [KEYWORDS].
本文件中的关键词“必需”、“必须”、“不得”、“应该”、“不应该”、“可能”和“可选”应按照“RFC中用于指示需求水平的关键词”[关键词]中的描述进行解释。
In the examples, commands from the client are indicated with [C], and responses from the server are indicated with [S].
在示例中,来自客户端的命令用[C]表示,来自服务器的响应用[S]表示。
This extension provides a new STARTTLS command and has the capability label STARTTLS.
此扩展提供了一个新的STARTTLS命令,并具有能力标签STARTTLS。
A server supporting the STARTTLS command as defined in this document will advertise the "STARTTLS" capability label in response to the CAPABILITIES command ([NNTP] Section 5.2). However, this capability MUST NOT be advertised once a TLS layer is active (see Section 2.2.2) or after successful authentication [NNTP-AUTH]. This capability MAY be advertised both before and after any use of the MODE READER command ([NNTP] Section 5.3), with the same semantics.
支持本文件中定义的STARTTLS命令的服务器将公布“STARTTLS”能力标签,以响应能力命令([NNTP]第5.2节)。但是,一旦TLS层处于活动状态(见第2.2.2节)或在成功验证[NNTP-AUTH]后,不得公布此功能。在使用模式读取器命令之前和之后([NNTP]第5.3节),可以使用相同的语义公布此功能。
As the STARTTLS command is related to security, cached results of CAPABILITIES from a previous session MUST NOT be relied on, as per Section 12.6 of [NNTP].
根据[NNTP]第12.6节的规定,由于STARTTLS命令与安全性相关,因此不得依赖上一个会话的缓存功能结果。
Example:
例子:
[C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] IHAVE [S] STARTTLS [S] LIST ACTIVE NEWSGROUPS [S] .
[C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] IHAVE [S] STARTTLS [S] LIST ACTIVE NEWSGROUPS [S] .
This command MUST NOT be pipelined.
此命令不能通过管道传输。
Syntax STARTTLS
语法标准
Responses
响应
382 Continue with TLS negotiation 502 Command unavailable [1] 580 Can not initiate TLS negotiation
382继续TLS协商502命令不可用[1]580无法启动TLS协商
[1] If a TLS layer is already active, or if authentication has occurred, STARTTLS is not a valid command (see Section 2.2.2).
[1] 如果TLS层已处于活动状态,或者发生了身份验证,则STARTTLS不是有效的命令(请参阅第2.2.2节)。
NOTE: Notwithstanding Section 3.2.1 of [NNTP], the server MUST NOT return either 480 or 483 in response to STARTTLS.
注:尽管有[NNTP]第3.2.1节的规定,服务器不得返回480或483以响应STARTTLS。
A client issues the STARTTLS command to request negotiation of TLS. The STARTTLS command is usually used to initiate session security, although it can also be used for client and/or server certificate authentication and/or data compression.
客户端发出STARTTLS命令以请求TLS协商。STARTTLS命令通常用于启动会话安全性,但也可用于客户端和/或服务器证书身份验证和/或数据压缩。
An NNTP server returns the 483 response to indicate that a secure or encrypted connection is required for the command sent by the client. Use of the STARTTLS command as described below is one way to establish a connection with these properties. The client MAY therefore use the STARTTLS command after receiving a 483 response.
NNTP服务器返回483响应,以指示客户端发送的命令需要安全或加密的连接。使用如下所述的STARTTLS命令是建立与这些属性的连接的一种方法。因此,客户端可以在收到483响应后使用STARTTLS命令。
If a server advertises the STARTTLS capability, a client MAY attempt to use the STARTTLS command at any time during a session to negotiate TLS without having received a 483 response. Servers SHOULD accept such unsolicited TLS negotiation requests.
如果服务器播发STARTTLS功能,则客户端可在会话期间的任何时间尝试使用STARTTLS命令协商TLS,而无需收到483响应。服务器应接受此类未经请求的TLS协商请求。
If the server is unable to initiate the TLS negotiation for any reason (e.g., a server configuration or resource problem), the server MUST reject the STARTTLS command with a 580 response. Then, it SHOULD either reject subsequent restricted NNTP commands from the client with a 483 response code (possibly with a text string such as "Command refused due to lack of security") or reject a subsequent restricted command with a 400 response code (possibly with a text string such as "Connection closing due to lack of security") and close the connection. Otherwise, the server issues a 382 response,
如果服务器因任何原因(例如,服务器配置或资源问题)无法启动TLS协商,则服务器必须以580响应拒绝STARTTLS命令。然后,它应该使用483响应代码拒绝来自客户端的后续受限NNTP命令(可能使用文本字符串,如“由于缺乏安全性而拒绝的命令”),或者使用400响应代码拒绝后续受限命令(可能使用文本字符串,如“由于缺乏安全性而关闭连接”)然后关闭连接。否则,服务器将发出382响应,
and TLS negotiation begins. A server MUST NOT under any circumstances reply to a STARTTLS command with either a 480 or 483 response.
TLS谈判开始了。在任何情况下,服务器都不得以480或483响应回复STARTTLS命令。
If the client receives a failure response to STARTTLS, the client must decide whether or not to continue the NNTP session. Such a decision is based on local policy. For instance, if TLS was being used for client authentication, the client might try to continue the session in case the server allows it to do so even with no authentication. However, if TLS was being negotiated for encryption, a client that gets a failure response needs to decide whether to continue without TLS encryption, to wait and try again later, or to give up and notify the user of the error.
如果客户端收到对STARTTLS的失败响应,则客户端必须决定是否继续NNTP会话。这样的决定是基于当地的政策。例如,如果TLS被用于客户端身份验证,那么客户端可能会尝试继续会话,以防服务器允许它这样做,即使没有身份验证。但是,如果正在协商TLS以进行加密,则获得失败响应的客户端需要决定是否在不使用TLS加密的情况下继续、等待并稍后重试,或者放弃并通知用户错误。
Upon receiving a 382 response to a STARTTLS command, the client MUST start the TLS negotiation before giving any other NNTP commands. The TLS negotiation begins for both the client and server with the first octet following the CRLF of the 382 response. If, after having issued the STARTTLS command, the client finds out that some failure prevents it from actually starting a TLS handshake, then it SHOULD immediately close the connection.
在收到对STARTTLS命令的382响应后,客户端必须在发出任何其他NNTP命令之前启动TLS协商。客户机和服务器的TLS协商开始于382响应的CRLF之后的第一个八位组。如果在发出STARTTLS命令后,客户端发现某些故障阻止它实际启动TLS握手,那么它应该立即关闭连接。
Servers MUST be able to understand backwards-compatible TLS Client Hello messages (provided that client_version is TLS 1.0 or later), and clients MAY use backwards-compatible Client Hello messages. Neither clients nor servers are required to actually support Client Hello messages for anything other than TLS 1.0. However, the TLS extension for Server Name Indication ("server_name") [TLS-EXT] SHOULD be implemented by all clients; it also SHOULD be implemented by any server implementing STARTTLS that is known by multiple names. (Otherwise, it is not possible for a server with several hostnames to present the correct certificate to the client.)
服务器必须能够理解向后兼容的TLS客户机Hello消息(前提是客户机_版本为TLS 1.0或更高版本),并且客户机可以使用向后兼容的客户机Hello消息。除了TLS 1.0之外,客户机和服务器都不需要实际支持客户机Hello消息。但是,用于服务器名称指示的TLS扩展(“服务器名称”)[TLS-EXT]应由所有客户端实现;它还应该由实现STARTTLS的任何服务器实现,而STARTTLS是由多个名称所知的。(否则,具有多个主机名的服务器不可能向客户端提供正确的证书。)
If the TLS negotiation fails, both client and server SHOULD immediately close the connection. Note that while continuing the NNTP session is theoretically possible, in practice a TLS negotiation failure often leaves the session in an indeterminate state; therefore, interoperability can not be guaranteed.
如果TLS协商失败,客户端和服务器都应立即关闭连接。注意,尽管继续NNTP会话在理论上是可能的,但在实践中,TLS协商失败通常会使会话处于不确定状态;因此,互操作性无法得到保证。
Upon successful completion of the TLS handshake, the NNTP protocol is reset to the state immediately after the initial greeting response (see 5.1 of [NNTP]) has been sent, with the exception that if a MODE READER command has been issued, its effects (if any) are not reversed. At this point, as no greeting is sent, the next step is for the client to send a command. The server MUST discard any knowledge obtained from the client, such as the current newsgroup and article number, that was not obtained from the TLS negotiation itself. Likewise, the client SHOULD discard and MUST NOT rely on any
成功完成TLS握手后,NNTP协议立即重置为发送初始问候响应(见[NNTP]第5.1条)后的状态,但如果发出了模式读取器命令,其效果(如有)不会逆转。此时,由于没有发送问候语,下一步是让客户端发送命令。服务器必须放弃从客户端获得的、而不是从TLS协商本身获得的任何知识,例如当前新闻组和文章编号。同样,客户应放弃,不得依赖任何
knowledge obtained from the server, such as the capability list, which was not obtained from the TLS negotiation itself.
从服务器获得的知识,如能力列表,而不是从TLS协商本身获得的。
The server remains in the non-authenticated state, even if client credentials are supplied during the TLS negotiation. The AUTHINFO SASL command [NNTP-AUTH] with the EXTERNAL mechanism [SASL] MAY be used to authenticate once TLS client credentials are successfully exchanged, but servers supporting the STARTTLS command are not required to support AUTHINFO in general or the EXTERNAL mechanism in particular. The server MAY use information from the client certificate for identification of connections or posted articles (either in its logs or directly in posted articles).
即使在TLS协商期间提供了客户端凭据,服务器仍保持未经身份验证的状态。成功交换TLS客户端凭据后,可以使用带有外部机制[SASL]的AUTHINFO SASL命令[NNTP-AUTH]进行身份验证,但支持STARTTLS命令的服务器不需要支持AUTHINFO,尤其是外部机制。服务器可以使用来自客户端证书的信息来标识连接或发布的文章(在其日志中或直接在发布的文章中)。
Both the client and the server MUST know if there is a TLS session active. A client MUST NOT attempt to start a TLS session if a TLS session is already active. A server MUST NOT return the STARTTLS capability label in response to a CAPABILITIES command received after a TLS handshake has completed, and a server MUST respond with a 502 response code if a STARTTLS command is received while a TLS session is already active. Additionally, the client MUST NOT issue a MODE READER command while a TLS session is active, and a server MUST NOT advertise the MODE-READER capability.
客户端和服务器都必须知道是否存在活动的TLS会话。如果TLS会话已处于活动状态,则客户端不得尝试启动TLS会话。在TLS握手完成后,服务器不得返回STARTTLS能力标签以响应接收到的能力命令,如果在TLS会话已处于活动状态时接收到STARTTLS命令,则服务器必须使用502响应代码进行响应。此外,TLS会话处于活动状态时,客户端不得发出模式读取器命令,服务器不得公布模式读取器功能。
The capability list returned in response to a CAPABILITIES command received after a successful TLS handshake MAY be different from the list returned before the TLS handshake. For example, an NNTP server supporting SASL [NNTP-AUTH] might not want to advertise support for a particular mechanism unless a client has sent an appropriate client certificate during a TLS handshake.
在成功的TLS握手之后,为响应接收到的能力命令而返回的能力列表可能与TLS握手之前返回的列表不同。例如,支持SASL[NNTP-AUTH]的NNTP服务器可能不希望公布对特定机制的支持,除非客户机在TLS握手期间发送了适当的客户机证书。
Example of a client being prompted to use encryption and negotiating it successfully (showing the removal of STARTTLS from the capability list once a TLS layer is active), followed by a successful selection of the group and an (inappropriate) attempt by the client to initiate another TLS negotiation:
提示客户端使用加密并成功协商的示例(显示一旦TLS层处于活动状态,将STARTTLS从功能列表中删除),随后成功选择组,并且客户端尝试(不适当)启动另一个TLS协商:
[C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] STARTTLS [S] LIST ACTIVE NEWSGROUPS OVERVIEW.FMT [S] OVER [S] . [C] GROUP local.confidential [S] 483 Encryption or stronger authentication required
[C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] STARTTLS [S] LIST ACTIVE NEWSGROUPS OVERVIEW.FMT [S] OVER [S] . [C] GROUP local.confidential [S] 483 Encryption or stronger authentication required
[C] STARTTLS [S] 382 Continue with TLS negotiation [TLS negotiation occurs here] [Following successful negotiation, traffic is protected by TLS] [C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] LIST ACTIVE NEWSGROUPS OVERVIEW.FMT [S] OVER [S] . [C] GROUP local.confidential [S] 211 1234 3000234 3002322 local.confidential [C] STARTTLS [S] 502 STARTTLS not allowed with active TLS layer
[C] STARTTLS [S] 382 Continue with TLS negotiation [TLS negotiation occurs here] [Following successful negotiation, traffic is protected by TLS] [C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] LIST ACTIVE NEWSGROUPS OVERVIEW.FMT [S] OVER [S] . [C] GROUP local.confidential [S] 211 1234 3000234 3002322 local.confidential [C] STARTTLS [S] 502 STARTTLS not allowed with active TLS layer
Example of a request to begin TLS negotiation declined by the server:
服务器拒绝开始TLS协商的请求示例:
[C] STARTTLS [S] 580 Can not initiate TLS negotiation
[C] STARTTLS[S]580无法启动TLS协商
Example of a failed attempt to negotiate TLS, followed by two attempts at selecting groups only available under a security layer (in the first case, the server allows the session to continue; in the second, it closes the connection). Note that unrestricted commands such as CAPABILITIES are unaffected by the failure:
尝试协商TLS失败的示例,随后两次尝试选择仅在安全层下可用的组(在第一种情况下,服务器允许会话继续;在第二种情况下,服务器关闭连接)。请注意,不受限制的命令(如功能)不受故障的影响:
[C] STARTTLS [S] 382 Continue with TLS negotiation [TLS negotiation is attempted here] [Following failed negotiation, traffic resumes without TLS] [C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] STARTTLS [S] LIST ACTIVE NEWSGROUPS OVERVIEW.FMT [S] OVER [S] . [C] GROUP local.confidential [S] 483 Encryption or stronger authentication required [C] GROUP local.private [S] 400 Closing connection due to lack of security
[C] STARTTLS [S] 382 Continue with TLS negotiation [TLS negotiation is attempted here] [Following failed negotiation, traffic resumes without TLS] [C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] STARTTLS [S] LIST ACTIVE NEWSGROUPS OVERVIEW.FMT [S] OVER [S] . [C] GROUP local.confidential [S] 483 Encryption or stronger authentication required [C] GROUP local.private [S] 400 Closing connection due to lack of security
This section describes the formal syntax of the STARTTLS extension using ABNF [ABNF]. It extends the syntax in Section 9 of [NNTP], and non-terminals not defined in this document are defined there. The [NNTP] ABNF should be imported first before attempting to validate these rules.
本节介绍使用ABNF[ABNF]的STARTTLS扩展的正式语法。它扩展了[NNTP]第9节中的语法,本文件中未定义的非终端在此处定义。在尝试验证这些规则之前,应首先导入[NNTP]ABNF。
This syntax extends the non-terminal "command", which represents an NNTP command.
此语法扩展了表示NNTP命令的非终端“命令”。
command =/ starttls-command
command=/starttls命令
starttls-command = "STARTTLS"
starttls-command = "STARTTLS"
This syntax extends the non-terminal "capability-entry", which represents a capability that may be advertised by the server.
此语法扩展了非终端“能力条目”,它表示可能由服务器公布的能力。
capability-entry =/ starttls-capability
能力条目=/starttls能力
starttls-capability = "STARTTLS"
starttls-capability = "STARTTLS"
This section contains a list of each new response code defined in this document and indicates whether it is multi-line, which commands can generate it, what arguments it has, and what its meaning is.
本节包含本文档中定义的每个新响应代码的列表,并指出它是否为多行代码、哪些命令可以生成它、它有哪些参数以及它的含义。
Response code 382 Generated by: STARTTLS Meaning: continue with TLS negotiation
响应代码382生成人:STARTTLS含义:继续TLS协商
Response code 580 Generated by: STARTTLS Meaning: can not initiate TLS negotiation
响应代码580由:STARTTLS生成,意思是:无法启动TLS协商
Security issues are discussed throughout this memo.
本备忘录中讨论了安全问题。
In general, the security considerations of the TLS protocol [TLS] and any implemented extensions [TLS-EXT] are applicable here; only the most important are highlighted specifically below. Also, this extension is not intended to cure the security considerations
一般来说,TLS协议[TLS]和任何实现的扩展[TLS-EXT]的安全考虑因素在此适用;只有最重要的部分在下面特别强调。此外,此扩展并不是为了解决安全问题
described in Section 12 of [NNTP]; those considerations remain relevant to any NNTP implementation.
[NNTP]第12节所述;这些考虑仍然与任何NNTP实施相关。
NNTP client and server implementations MUST implement the TLS_RSA_WITH_RC4_128_MD5 [TLS] cipher suite and SHOULD implement the TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA [TLS] cipher suite. This is important, as it assures that any two compliant implementations can be configured to interoperate. All other cipher suites are OPTIONAL.
NNTP客户机和服务器实现必须使用RC4、128、MD5[TLS]密码套件实现TLS、RSA,并使用CBC、SHA[TLS]密码套件实现TLS、DHE、DSS。这一点很重要,因为它可以确保任何两个兼容的实现都可以配置为互操作。所有其他密码套件都是可选的。
Before the TLS handshake has begun, any protocol interactions are performed in the clear and may be modified by an active attacker. For this reason, clients and servers MUST discard any sensitive knowledge obtained prior to the start of the TLS handshake upon the establishment of a security layer. Furthermore, the CAPABILITIES command SHOULD be re-issued upon the establishment of a security layer, and other protocol state SHOULD be re-negotiated as well.
在TLS握手开始之前,任何协议交互都会在clear中执行,并且可能会被活动攻击者修改。因此,客户机和服务器必须丢弃在建立安全层后开始TLS握手之前获得的任何敏感知识。此外,应在建立安全层后重新发布“能力”命令,并重新协商其他协议状态。
Note that NNTP is not an end-to-end mechanism. Thus, if an NNTP client/server pair decide to add TLS confidentiality, they are securing the transport only for that link. Similarly, because delivery of a single Netnews article may go between more than two NNTP servers, adding TLS confidentiality to one pair of servers does not mean that the entire NNTP chain has been made private. Furthermore, just because an NNTP server can authenticate an NNTP client, it does not mean that the articles from the NNTP client were authenticated by the NNTP client when the client itself received them (prior to forwarding them to the server).
请注意,NNTP不是端到端机制。因此,如果NNTP客户机/服务器对决定添加TLS机密性,则它们仅保护该链路的传输。类似地,由于单个Netnews文章的交付可能在两个以上的NNTP服务器之间进行,因此向一对服务器添加TLS机密性并不意味着整个NNTP链都是私有的。此外,仅仅因为NNTP服务器可以对NNTP客户端进行身份验证,这并不意味着当客户端本身接收到NNTP客户端的项目时(在将它们转发到服务器之前),NNTP客户端对来自NNTP客户端的项目进行了身份验证。
During the TLS negotiation, the client MUST check its understanding of the server hostname against the server's identity as presented in the server Certificate message, in order to prevent man-in-the-middle attacks. Matching is performed according to these rules:
在TLS协商期间,客户端必须对照服务器证书消息中显示的服务器身份检查其对服务器主机名的理解,以防止中间人攻击。根据以下规则执行匹配:
- The client MUST use the server hostname it used to open the connection (or the hostname specified in TLS "server_name" extension [TLS-EXT]) as the value to compare against the server name as expressed in the server certificate. The client MUST NOT use any form of the server hostname derived from an insecure remote source (e.g., insecure DNS lookup). CNAME canonicalization is not done.
- 客户端必须使用用于打开连接的服务器主机名(或TLS“server_name”扩展[TLS-EXT]中指定的主机名)作为值,以与服务器证书中表示的服务器名称进行比较。客户端不得使用从不安全的远程源(例如,不安全的DNS查找)派生的任何形式的服务器主机名。CNAME规范化未完成。
- If a subjectAltName extension of type dNSName is present in the certificate, it SHOULD be used as the source of the server's identity.
- 如果证书中存在dNSName类型的subjectAltName扩展名,则应将其用作服务器标识的源。
- Matching is case-insensitive.
- 匹配不区分大小写。
- A "*" wildcard character MAY be used as the left-most name component in the certificate. For example, *.example.com would match a.example.com, foo.example.com, etc., but would not match example.com.
- “*”通配符可以用作证书中最左边的名称组件。例如,*.example.com将与a.example.com、foo.example.com等匹配,但与example.com不匹配。
- If the certificate contains multiple names (e.g., more than one dNSName field), then a match with any one of the fields is considered acceptable.
- 如果证书包含多个名称(例如,多个dNSName字段),则认为与任何一个字段的匹配都是可接受的。
If the match fails, the client SHOULD either ask for explicit user confirmation or terminate the connection with a QUIT command and indicate the server's identity is suspect.
如果匹配失败,客户端应该请求明确的用户确认,或者使用QUIT命令终止连接,并指出服务器的身份可疑。
Additionally, clients MUST verify the binding between the identity of the servers to which they connect and the public keys presented by those servers. Clients SHOULD implement the algorithm in Section 6 of [PKI-CERT] for general certificate validation, but MAY supplement that algorithm with other validation methods that achieve equivalent levels of verification (such as comparing the server certificate against a local store of already-verified certificates and identity bindings).
此外,客户端必须验证它们所连接的服务器的标识与这些服务器提供的公钥之间的绑定。客户端应实施[PKI-CERT]第6节中的算法进行一般证书验证,但可以使用其他验证方法来补充该算法,以实现同等级别的验证(例如将服务器证书与已验证证书和身份绑定的本地存储进行比较)。
A man-in-the-middle attack can be launched by deleting the STARTTLS capability label in the CAPABILITIES response from the server. This would cause the client not to try to start a TLS session. Another man-in-the-middle attack would allow the server to announce its STARTTLS capability, but alter the client's request to start TLS and the server's response. An NNTP client can partially protect against these attacks by recording the fact that a particular NNTP server offers TLS during one session and generating an alarm if it does not appear in the CAPABILITIES response for a later session. (Of course, the STARTTLS capability would not be listed after a security layer is in place.)
可以通过删除服务器功能响应中的STARTTLS功能标签来发起中间人攻击。这将导致客户端不尝试启动TLS会话。另一种中间人攻击将允许服务器宣布其STARTTLS功能,但会改变客户端启动TLS的请求和服务器的响应。NNTP客户端可以通过记录特定NNTP服务器在一个会话期间提供TLS的事实,并在以后会话的功能响应中未出现警报时生成警报,从而部分抵御这些攻击。(当然,在安全层就位后,STARTTLS功能不会被列出。)
If the client receives a 483 or 580 response, the client has to decide what to do next. The client has to choose among three main options: to go ahead with the rest of the NNTP session, to (re)try TLS later in the session, or to give up and postpone newsreading/transport activity. If an error occurs, the client can assume that the server may be able to negotiate TLS in the future and should try to negotiate TLS in a later session. However, if the client and server were only using TLS for authentication and no previous 480 response was received, the client may want to proceed with the NNTP session, in case some of the operations the client wanted to perform are accepted by the server even if the client is unauthenticated.
如果客户机收到483或580响应,客户机必须决定下一步要做什么。客户端必须在三个主要选项中进行选择:继续NNTP会话的其余部分,稍后在会话中(重新)尝试TLS,或者放弃并推迟新闻阅读/传输活动。如果发生错误,客户端可以假定服务器将来可能能够协商TLS,并应在以后的会话中尝试协商TLS。但是,如果客户端和服务器仅使用TLS进行身份验证,并且未收到以前的480响应,则客户端可能希望继续NNTP会话,以防服务器接受客户端希望执行的某些操作,即使客户端未经身份验证。
This section gives a formal definition of the STARTTLS extension as required by Section 3.3.3 of [NNTP] for the IANA registry.
本节给出了[NNTP]第3.3.3节要求的IANA注册表STARTTLS扩展的正式定义。
o The STARTTLS extension provides connection-based security via the Transport Layer Security (TLS).
o STARTTLS扩展通过传输层安全性(TLS)提供基于连接的安全性。
o The capability label for this extension is "STARTTLS".
o 此扩展的功能标签为“STARTTLS”。
o The capability label has no arguments.
o 功能标签没有参数。
o This extension defines one new command, STARTTLS, whose behavior, arguments, and responses are defined in Section 2.2.
o 此扩展定义了一个新命令STARTTLS,其行为、参数和响应在第2.2节中定义。
o This extension does not associate any new responses with pre-existing NNTP commands.
o 此扩展不会将任何新响应与预先存在的NNTP命令相关联。
o This extension does affect the overall behavior of both server and client, in that after successful use of the STARTTLS command, all communication is transmitted with the TLS protocol as an intermediary.
o 此扩展确实会影响服务器和客户端的整体行为,因为在成功使用STARTTLS命令后,所有通信都将通过TLS协议作为中介进行传输。
o This extension does not affect the maximum length of commands or initial response lines.
o 此扩展不影响命令或初始响应行的最大长度。
o This extension does not alter pipelining, but the STARTTLS command cannot be pipelined.
o 此扩展不会改变管道,但无法管道化STARTTLS命令。
o Use of this extension does alter the capabilities list; once the STARTTLS command has been used successfully, the STARTTLS capability can no longer be advertised by CAPABILITIES.
o 使用此扩展不会改变功能列表;成功使用STARTTLS命令后,STARTTLS功能将不再由功能播发。
Additionally, the MODE-READER capability MUST NOT be advertised after a successful TLS negotiation.
此外,在成功的TLS协商后,不得公布模式读取器功能。
o This extension does not cause any pre-existing command to produce a 401, 480, or 483 response.
o 此扩展不会导致任何预先存在的命令生成401、480或483响应。
o This extension is unaffected by any use of the MODE READER command, however the MODE READER command MUST NOT be used in the same session following a successful TLS negotiation.
o 此扩展不受模式读取器命令的任何使用的影响,但是在TLS协商成功后,模式读取器命令不得在同一会话中使用。
o Published Specification: This document.
o 已发布规范:本文件。
o Contact for Further Information: Authors of this document.
o 更多信息请联系:本文件作者。
o Change Controller: IESG <iesg@ietf.org>.
o 更改控制器:IESG<iesg@ietf.org>.
[ABNF] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 4234, October 2005.
[ABNF]Crocker,D.,Ed.和P.Overell,“语法规范的扩充BNF:ABNF”,RFC 42342005年10月。
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[关键词]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[NNTP] Feather, C., "Network News Transfer Protocol (NNTP)", RFC 3977, October 2006.
[NNTP]Feather,C.,“网络新闻传输协议(NNTP)”,RFC 3977,2006年10月。
[PKI-CERT] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.
[PKI-CERT]Housley,R.,Polk,W.,Ford,W.,和D.Solo,“Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件”,RFC 32802002年4月。
[TLS] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.1", RFC 4346, April 2006.
[TLS]Dierks,T.和E.Rescorla,“传输层安全(TLS)协议版本1.1”,RFC 4346,2006年4月。
[TLS-EXT] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and T. Wright, "Transport Layer Security (TLS) Extensions", RFC 4366, April 2006.
[TLS-EXT]Blake Wilson,S.,Nystrom,M.,Hopwood,D.,Mikkelsen,J.,和T.Wright,“传输层安全(TLS)扩展”,RFC 4366,2006年4月。
[NNTP-AUTH] Vinocur, J., Murchison, K., and C. Newman, "Network News Transfer Protocol (NNTP) Extension for Authentication", RFC 4643, October 2006.
[NNTP-AUTH]Vinocur,J.,Murchison,K.,和C.Newman,“网络新闻传输协议(NNTP)认证扩展”,RFC 46432006年10月。
[SASL] Melninov, A., Ed. and K. Zeilenga, Ed, "Simple Authentication and Security Layer (SASL)", RFC 4422, June 2006.
[SASL]Melninov,A.,Ed.和K.Zeilenga,Ed,“简单身份验证和安全层(SASL)”,RFC 4422,2006年6月。
[TLS-IMAPPOP] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, June 1999.
[TLS-IMAPPOP]纽曼,C.,“将TLS与IMAP、POP3和ACAP一起使用”,RFC 25951999年6月。
A significant amount of the text in this document was lifted from RFC 2595 by Chris Newman and RFC 3207 by Paul Hoffman.
本文档中的大量文本由Chris Newman从RFC 2595和Paul Hoffman从RFC 3207中提取。
Special acknowledgement goes also to the people who commented privately on intermediate revisions of this document, as well as the members of the IETF NNTP Working Group for continual insight in discussion.
特别感谢对本文件中间版本发表私人评论的人士,以及IETF NNTP工作组成员在讨论中的持续见解。
Authors' Addresses
作者地址
Kenneth Murchison Carnegie Mellon University 5000 Forbes Avenue Cyert Hall 285 Pittsburgh, PA 15213 USA
肯尼斯·默奇森卡内基梅隆大学福布斯大道5000号塞尔特大厅美国宾夕法尼亚州匹兹堡285号15213
EMail: murch@andrew.cmu.edu
EMail: murch@andrew.cmu.edu
Jeffrey M. Vinocur Department of Computer Science Upson Hall Cornell University Ithaca, NY 14853
Jeffrey M.Vinocur纽约州伊萨卡康奈尔大学厄普森霍尔分校计算机科学系,邮编14853
EMail: vinocur@cs.cornell.edu
EMail: vinocur@cs.cornell.edu
Chris Newman Sun Microsystems 3401 Centrelake Dr., Suite 410 Ontario, CA 91761
Chris Newman Sun Microsystems 3401 Centrelake Dr.,加利福尼亚州安大略省410号套房,邮编:91761
EMail: Chris.Newman@sun.com
EMail: Chris.Newman@sun.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。