Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 3977

Network News Transfer Protocol (NNTP)

Pages: 125
Proposed Standard
Errata
Obsoletes:  0977
Updates:  2980
Updated by:  6048
Part 1 of 4 – Pages 1 to 25
None   None   Next

Top   ToC   RFC3977 - Page 1
Network Working Group                                         C. Feather
Request for Comments: 3977                                      THUS plc
Obsoletes: 977                                              October 2006
Updates: 2980
Category: Standards Track


                 Network News Transfer Protocol (NNTP)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

The Network News Transfer Protocol (NNTP) has been in use in the Internet for a decade, and remains one of the most popular protocols (by volume) in use today. This document is a replacement for RFC 977, and officially updates the protocol specification. It clarifies some vagueness in RFC 977, includes some new base functionality, and provides a specific mechanism to add standardized extensions to NNTP.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Author's Note . . . . . . . . . . . . . . . . . . . . . . 4 2. Notation . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Basic Concepts . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. Commands and Responses . . . . . . . . . . . . . . . . . 6 3.1.1. Multi-line Data Blocks . . . . . . . . . . . . . . . . 8 3.2. Response Codes . . . . . . . . . . . . . . . . . . . . . 9 3.2.1. Generic Response Codes . . . . . . . . . . . . . . . 10 3.2.1.1. Examples . . . . . . . . . . . . . . . . . . . . 12 3.3. Capabilities and Extensions . . . . . . . . . . . . . . . 14 3.3.1. Capability Descriptions . . . . . . . . . . . . . . . 14 3.3.2. Standard Capabilities . . . . . . . . . . . . . . . . 15 3.3.3. Extensions . . . . . . . . . . . . . . . . . . . . . 16 3.3.4. Initial IANA Register . . . . . . . . . . . . . . . . 18 3.4. Mandatory and Optional Commands . . . . . . . . . . . . . 20
Top   ToC   RFC3977 - Page 2
       3.4.1.  Reading and Transit Servers . . . . . . . . . . . . . 21
       3.4.2.  Mode Switching  . . . . . . . . . . . . . . . . . . . 21
     3.5.  Pipelining  . . . . . . . . . . . . . . . . . . . . . . . 22
       3.5.1.  Examples  . . . . . . . . . . . . . . . . . . . . . . 23
     3.6.  Articles  . . . . . . . . . . . . . . . . . . . . . . . . 24
   4.  The WILDMAT Format  . . . . . . . . . . . . . . . . . . . . . 25
     4.1.  Wildmat Syntax  . . . . . . . . . . . . . . . . . . . . . 26
     4.2.  Wildmat Semantics . . . . . . . . . . . . . . . . . . . . 26
     4.3.  Extensions  . . . . . . . . . . . . . . . . . . . . . . . 27
     4.4.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . 27
   5.  Session Administration Commands . . . . . . . . . . . . . . . 28
     5.1.  Initial Connection  . . . . . . . . . . . . . . . . . . . 28
     5.2.  CAPABILITIES  . . . . . . . . . . . . . . . . . . . . . . 29
     5.3.  MODE READER . . . . . . . . . . . . . . . . . . . . . . . 32
     5.4.  QUIT  . . . . . . . . . . . . . . . . . . . . . . . . . . 34
   6.  Article Posting and Retrieval . . . . . . . . . . . . . . . . 35
     6.1.  Group and Article Selection . . . . . . . . . . . . . . . 36
       6.1.1.  GROUP . . . . . . . . . . . . . . . . . . . . . . . . 36
       6.1.2.  LISTGROUP . . . . . . . . . . . . . . . . . . . . . . 39
       6.1.3.  LAST  . . . . . . . . . . . . . . . . . . . . . . . . 42
       6.1.4.  NEXT  . . . . . . . . . . . . . . . . . . . . . . . . 44
     6.2.  Retrieval of Articles and Article Sections  . . . . . . . 45
       6.2.1.  ARTICLE . . . . . . . . . . . . . . . . . . . . . . . 46
       6.2.2.  HEAD  . . . . . . . . . . . . . . . . . . . . . . . . 49
       6.2.3.  BODY  . . . . . . . . . . . . . . . . . . . . . . . . 51
       6.2.4.  STAT  . . . . . . . . . . . . . . . . . . . . . . . . 53
     6.3.  Article Posting . . . . . . . . . . . . . . . . . . . . . 56
       6.3.1.  POST  . . . . . . . . . . . . . . . . . . . . . . . . 56
       6.3.2.  IHAVE . . . . . . . . . . . . . . . . . . . . . . . . 58
   7.  Information Commands  . . . . . . . . . . . . . . . . . . . . 61
     7.1.  DATE  . . . . . . . . . . . . . . . . . . . . . . . . . . 61
     7.2.  HELP  . . . . . . . . . . . . . . . . . . . . . . . . . . 62
     7.3.  NEWGROUPS . . . . . . . . . . . . . . . . . . . . . . . . 63
     7.4.  NEWNEWS . . . . . . . . . . . . . . . . . . . . . . . . . 64
     7.5.  Time  . . . . . . . . . . . . . . . . . . . . . . . . . . 65
       7.5.1.  Examples  . . . . . . . . . . . . . . . . . . . . . . 66
     7.6.  The LIST Commands . . . . . . . . . . . . . . . . . . . . 66
       7.6.1.  LIST  . . . . . . . . . . . . . . . . . . . . . . . . 67
       7.6.2.  Standard LIST Keywords  . . . . . . . . . . . . . . . 69
       7.6.3.  LIST ACTIVE . . . . . . . . . . . . . . . . . . . . . 70
       7.6.4.  LIST ACTIVE.TIMES . . . . . . . . . . . . . . . . . . 71
       7.6.5.  LIST DISTRIB.PATS . . . . . . . . . . . . . . . . . . 72
       7.6.6.  LIST NEWSGROUPS . . . . . . . . . . . . . . . . . . . 73
   8.  Article Field Access Commands . . . . . . . . . . . . . . . . 73
     8.1.  Article Metadata  . . . . . . . . . . . . . . . . . . . . 74
       8.1.1.  The :bytes Metadata Item  . . . . . . . . . . . . . . 74
       8.1.2.  The :lines Metadata Item  . . . . . . . . . . . . . . 75
     8.2.  Database Consistency  . . . . . . . . . . . . . . . . . . 75
Top   ToC   RFC3977 - Page 3
     8.3.  OVER  . . . . . . . . . . . . . . . . . . . . . . . . . . 76
     8.4.  LIST OVERVIEW.FMT . . . . . . . . . . . . . . . . . . . . 81
     8.5.  HDR . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
     8.6.  LIST HEADERS  . . . . . . . . . . . . . . . . . . . . . . 87
   9.  Augmented BNF Syntax for NNTP . . . . . . . . . . . . . . . . 90
     9.1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . 90
     9.2.  Commands  . . . . . . . . . . . . . . . . . . . . . . . . 92
     9.3.  Command Continuation  . . . . . . . . . . . . . . . . . . 93
     9.4.  Responses . . . . . . . . . . . . . . . . . . . . . . . . 93
       9.4.1.  Generic Responses . . . . . . . . . . . . . . . . . . 93
       9.4.2.  Initial Response Line Contents  . . . . . . . . . . . 94
       9.4.3.  Multi-line Response Contents  . . . . . . . . . . . . 94
     9.5.  Capability Lines  . . . . . . . . . . . . . . . . . . . . 95
     9.6.  LIST Variants . . . . . . . . . . . . . . . . . . . . . . 96
     9.7.  Articles  . . . . . . . . . . . . . . . . . . . . . . . . 97
     9.8.  General Non-terminals . . . . . . . . . . . . . . . . . . 97
     9.9.  Extensions and Validation . . . . . . . . . . . . . . . . 99
   10. Internationalisation Considerations . . . . . . . . . . . . .100
     10.1. Introduction and Historical Situation . . . . . . . . . .100
     10.2. This Specification  . . . . . . . . . . . . . . . . . . .101
     10.3. Outstanding Issues  . . . . . . . . . . . . . . . . . . .102
   11. IANA Considerations . . . . . . . . . . . . . . . . . . . . .103
   12. Security Considerations . . . . . . . . . . . . . . . . . . .103
     12.1. Personal and Proprietary Information  . . . . . . . . . .104
     12.2. Abuse of Server Log Information . . . . . . . . . . . . .104
     12.3. Weak Authentication and Access Control  . . . . . . . . .104
     12.4. DNS Spoofing  . . . . . . . . . . . . . . . . . . . . . .104
     12.5. UTF-8 Issues  . . . . . . . . . . . . . . . . . . . . . .105
     12.6. Caching of Capability Lists . . . . . . . . . . . . . . .106
   13. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .107
   14. References  . . . . . . . . . . . . . . . . . . . . . . . . .110
     14.1. Normative References  . . . . . . . . . . . . . . . . . .110
     14.2. Informative References  . . . . . . . . . . . . . . . . .110
   A.  Interaction with Other Specifications . . . . . . . . . . . .112
     A.1.  Header Folding  . . . . . . . . . . . . . . . . . . . . .112
     A.2.  Message-IDs . . . . . . . . . . . . . . . . . . . . . . .112
     A.3.  Article Posting . . . . . . . . . . . . . . . . . . . . .114
   B.  Summary of Commands . . . . . . . . . . . . . . . . . . . . .115
   C.  Summary of Response Codes . . . . . . . . . . . . . . . . . .117
   D.  Changes from RFC 977  . . . . . . . . . . . . . . . . . . . .121

1. Introduction

This document specifies the Network News Transfer Protocol (NNTP), which is used for the distribution, inquiry, retrieval, and posting of Netnews articles using a reliable stream-based mechanism. For news-reading clients, NNTP enables retrieval of news articles that
Top   ToC   RFC3977 - Page 4
   are stored in a central database, giving subscribers the ability to
   select only those articles they wish to read.

   The Netnews model provides for indexing, cross-referencing, and
   expiration of aged messages.  NNTP is designed for efficient
   transmission of Netnews articles over a reliable full duplex
   communication channel.

   Although the protocol specification in this document is largely
   compatible with the version specified in RFC 977 [RFC977], a number
   of changes are summarised in Appendix D.  In particular:

   o  the default character set is changed from US-ASCII [ANSI1986] to
      UTF-8 [RFC3629] (note that US-ASCII is a subset of UTF-8);

   o  a number of commands that were optional in RFC 977 or that have
      been taken from RFC 2980 [RFC2980] are now mandatory; and

   o  a CAPABILITIES command has been added to allow clients to
      determine what functionality is available from a server.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   An implementation is not compliant if it fails to satisfy one or more
   of the MUST requirements for this protocol.  An implementation that
   satisfies all the MUST and all the SHOULD requirements for its
   protocols is said to be "unconditionally compliant"; one that
   satisfies all the MUST requirements but not all the SHOULD
   requirements for NNTP is said to be "conditionally compliant".

   For the remainder of this document, the terms "client" and "client
   host" refer to a host making use of the NNTP service, while the terms
   "server" and "server host" refer to a host that offers the NNTP
   service.

1.1. Author's Note

This document is written in XML using an NNTP-specific DTD. Custom software is used to convert this to RFC 2629 [RFC2629] format, and then the public "xml2rfc" package to further reduce this to text, nroff source, and HTML. No perl was used in producing this document.
Top   ToC   RFC3977 - Page 5

2. Notation

The following notational conventions are used in this document. UPPERCASE indicates literal text to be included in the command. lowercase indicates a token described elsewhere. [brackets] indicate that the enclosed material is optional. elliptical indicates that the argument may be repeated any ... marks number of times (it must occur at least once). vertical|bar indicates a choice of two mutually exclusive arguments (exactly one must be provided). The name "message-id" for a command or response argument indicates that it is the message-id of an article as described in Section 3.6, including the angle brackets. The name "wildmat" for an argument indicates that it is a wildmat as defined in Section 4. If the argument does not meet the requirements of that section (for example, if it does not fit the grammar of Section 4.1), the NNTP server MAY place some interpretation on it (not specified by this document) or otherwise MUST treat it as a syntax error. Responses for each command will be described in tables listing the required format of a response followed by the meaning that should be ascribed to that response. The terms "NUL", "TAB", "LF", "CR, and "space" refer to the octets %x00, %x09, %x0A, %x0D, and %x20, respectively (that is, the octets with those codes in US-ASCII [ANSI1986] and thus in UTF-8 [RFC3629]). The term "CRLF" or "CRLF pair" means the sequence CR immediately followed by LF (that is, %x0D.0A). A "printable US-ASCII character" is an octet in the range %x21-7E. Quoted characters refer to the octets with those codes in US-ASCII (so "." and "<" refer to %x2E and %x3C) and will always be printable US-ASCII characters; similarly, "digit" refers to the octets %x30-39. A "keyword" MUST consist only of US-ASCII letters, digits, and the characters dot (".") and dash ("-") and MUST begin with a letter. Keywords MUST be at least three characters in length.
Top   ToC   RFC3977 - Page 6
   Examples in this document are not normative but serve to illustrate
   usages, arguments, and responses.  In the examples, a "[C]" will be
   used to represent the client host and an "[S]" will be used to
   represent the server host.  Most of the examples do not rely on a
   particular server state.  In some cases, however, they do assume that
   the currently selected newsgroup (see the GROUP command,
   Section 6.1.1) is invalid; when so, this is indicated at the start of
   the example.  Examples may use commands or other keywords not defined
   in this specification (such as an XENCRYPT command).  These will be
   used to illustrate some point and do not imply that any such command
   is defined elsewhere or needs to exist in any particular
   implementation.

   Terms that might be read as specifying details of a client or server
   implementation, such as "database", are used simply to ease
   description.  Provided that implementations conform to the protocol
   and format specifications in this document, no specific technique is
   mandated.

3. Basic Concepts

3.1. Commands and Responses

NNTP operates over any reliable bi-directional 8-bit-wide data stream channel. When the connection is established, the NNTP server host MUST send a greeting. The client host and server host then exchange commands and responses (respectively) until the connection is closed or aborted. If the connection used is TCP, then the server host starts the NNTP service by listening on a TCP port. When a client host wishes to make use of the service, it MUST establish a TCP connection with the server host by connecting to that host on the same port on which the server is listening. The character set for all NNTP commands is UTF-8 [RFC3629]. Commands in NNTP MUST consist of a keyword, which MAY be followed by one or more arguments. A CRLF pair MUST terminate all commands. Multiple commands MUST NOT be on the same line. Unless otherwise noted elsewhere in this document, arguments SHOULD consist of printable US- ASCII characters. Keywords and arguments MUST each be separated by one or more space or TAB characters. Command lines MUST NOT exceed 512 octets, which includes the terminating CRLF pair. The arguments MUST NOT exceed 497 octets. A server MAY relax these limits for commands defined in an extension. Where this specification permits UTF-8 characters outside the range of U+0000 to U+007F, implementations MUST NOT use the Byte Order Mark (U+FEFF, encoding %xEF.BB.BF) and MUST use the Word Joiner (U+2060, encoding %xE2.91.A0) for the meaning Zero Width No-Break Space in
Top   ToC   RFC3977 - Page 7
   command lines and the initial lines of responses.  Implementations
   SHOULD apply these same principles throughout.

   The term "character" means a single Unicode code point.
   Implementations are not required to carry out Unicode normalisation.
   Thus, U+0084 (A-dieresis) is one character, while U+0041 U+0308 (A
   composed with dieresis) is two; the two need not be treated as
   equivalent.

   Commands may have variants; if so, they use a second keyword
   immediately after the first to indicate which variant is required.
   The only such commands in this specification are LIST and MODE.  Note
   that such variants are sometimes referred to as if they were commands
   in their own right: "the LIST ACTIVE" command should be read as
   shorthand for "the ACTIVE variant of the LIST command".

   Keywords are case insensitive; the case of keywords for commands MUST
   be ignored by the server.  Command and response arguments are case or
   language specific only when stated, either in this document or in
   other relevant specifications.

   In some cases, a command involves more data than just a single line.
   The further data may be sent either immediately after the command
   line (there are no instances of this in this specification, but there
   are in extensions such as [NNTP-STREAM]) or following a request from
   the server (indicated by a 3xx response).

   Each response MUST start with a three-digit response code that is
   sufficient to distinguish all responses.  Certain valid responses are
   defined to be multi-line; for all others, the response is contained
   in a single line.  The initial line of the response MUST NOT exceed
   512 octets, which includes the response code and the terminating CRLF
   pair; an extension MAY specify a greater maximum for commands that it
   defines, but not for any other command.  Single-line responses
   consist of an initial line only.  Multi-line responses consist of an
   initial line followed by a multi-line data block.

   An NNTP server MAY have an inactivity autologout timer.  Such a timer
   SHOULD be of at least three minutes' duration, with the exception
   that there MAY be a shorter limit on how long the server is willing
   to wait for the first command from the client.  The receipt of any
   command from the client during the timer interval SHOULD suffice to
   reset the autologout timer.  Similarly, the receipt of any
   significant amount of data from a client that is sending a multi-line
   data block (such as during a POST or IHAVE command) SHOULD suffice to
   reset the autologout timer.  When the timer expires, the server
   SHOULD close the connection without sending any response to the
   client.
Top   ToC   RFC3977 - Page 8

3.1.1. Multi-line Data Blocks

A multi-line data block is used in certain commands and responses. It MUST adhere to the following rules: 1. The block consists of a sequence of zero or more "lines", each being a stream of octets ending with a CRLF pair. Apart from those line endings, the stream MUST NOT include the octets NUL, LF, or CR. 2. In a multi-line response, the block immediately follows the CRLF at the end of the initial line of the response. When used in any other context, the specific command will define when the block is sent. 3. If any line of the data block begins with the "termination octet" ("." or %x2E), that line MUST be "dot-stuffed" by prepending an additional termination octet to that line of the block. 4. The lines of the block MUST be followed by a terminating line consisting of a single termination octet followed by a CRLF pair in the normal way. Thus, unless it is empty, a multi-line block is always terminated with the five octets CRLF "." CRLF (%x0D.0A.2E.0D.0A). 5. When a multi-line block is interpreted, the "dot-stuffing" MUST be undone; i.e., the recipient MUST ensure that, in any line beginning with the termination octet followed by octets other than a CRLF pair, that initial termination octet is disregarded. 6. Likewise, the terminating line ("." CRLF or %x2E.0D.0A) MUST NOT be considered part of the multi-line block; i.e., the recipient MUST ensure that any line beginning with the termination octet followed immediately by a CRLF pair is disregarded. (The first CRLF pair of the terminating CRLF "." CRLF of a non-empty block is, of course, part of the last line of the block.) Note that texts using an encoding (such as UTF-16 or UTF-32) that may contain the octets NUL, LF, or CR other than a CRLF pair cannot be reliably conveyed in the above format (that is, they violate the MUST requirement above). However, except when stated otherwise, this specification does not require the content to be UTF-8, and therefore (subject to that same requirement) it MAY include octets above and below 128 mixed arbitrarily. This document does not place any limit on the length of a line in a multi-line block. However, the standards that define the format of articles may do so.
Top   ToC   RFC3977 - Page 9

3.2. Response Codes

Each response MUST begin with a three-digit status indicator. These are status reports from the server and indicate the response to the last command received from the client. The first digit of the response broadly indicates the success, failure, or progress of the previous command: 1xx - Informative message 2xx - Command completed OK 3xx - Command OK so far; send the rest of it 4xx - Command was syntactically correct but failed for some reason 5xx - Command unknown, unsupported, unavailable, or syntax error The next digit in the code indicates the function response category: x0x - Connection, setup, and miscellaneous messages x1x - Newsgroup selection x2x - Article selection x3x - Distribution functions x4x - Posting x8x - Reserved for authentication and privacy extensions x9x - Reserved for private use (non-standard extensions) Certain responses contain arguments such as numbers and names in addition to the status indicator. In those cases, to simplify interpretation by the client, the number and type of such arguments is fixed for each response code, as is whether the code is single-line or multi-line. Any extension MUST follow this principle as well. Note that, for historical reasons, the 211 response code is an exception to this in that the response may be single-line or multi-line depending on the command (GROUP or LISTGROUP) that generated it. In all other cases, the client MUST only use the status indicator itself to determine the nature of the response. The exact response codes that can be returned by any given command are detailed in the description of that command. Arguments MUST be separated from the numeric status indicator and from each other by a single space. All numeric arguments MUST be in base 10 (decimal) format and MAY have leading zeros. String arguments MUST contain at least one character and MUST NOT contain TAB, LF, CR, or space. The server MAY add any text after the response code or last argument, as appropriate, and the client MUST NOT make decisions based on this text. Such text MUST be separated from the numeric status indicator or the last argument by at least one space.
Top   ToC   RFC3977 - Page 10
   The server MUST respond to any command with the appropriate generic
   response (given in Section 3.2.1) if it represents the situation.
   Otherwise, each recognized command MUST return one of the response
   codes specifically listed in its description or in an extension.  A
   server MAY provide extensions to this specification, including new
   commands, new variants or features of existing commands, and other
   ways of changing the internal state of the server.  However, the
   server MUST NOT produce any other responses to a client that does not
   invoke any of the additional features.  (Therefore, a client that
   restricts itself to this specification will only receive the
   responses that are listed.)

   If a client receives an unexpected response, it SHOULD use the first
   digit of the response to determine the result.  For example, an
   unexpected 2xx should be taken as success, and an unexpected 4xx or
   5xx as failure.

   Response codes not specified in this document MAY be used for any
   installation-specific additional commands also not specified.  These
   SHOULD be chosen to fit the pattern of x9x specified above.

   Neither this document nor any registered extension (see
   Section 3.3.3) will specify any response codes of the x9x pattern.
   (Implementers of extensions are accordingly cautioned not to use such
   responses for extensions that may subsequently be submitted for
   registration.)

3.2.1. Generic Response Codes

The server MUST respond to any command with the appropriate one of the following generic responses if it represents the situation. If the command is not recognized, or if it is an optional command that is not implemented by the server, the response code 500 MUST be returned. If there is a syntax error in the arguments of a recognized command, including the case where more arguments are provided than the command specifies or the command line is longer than the server accepts, the response code 501 MUST be returned. The line MUST NOT be truncated or split and then interpreted. Note that where a command has variants depending on a second keyword (e.g., LIST ACTIVE and LIST NEWSGROUPS), 501 MUST be used when the base command is implemented but the requested variant is not, and 500 MUST be used only when the base command itself is not implemented. If an argument is required to be a base64-encoded string [RFC4648] (there are no such arguments in this specification, but there may be
Top   ToC   RFC3977 - Page 11
   in extensions) and is not validly encoded, the response code 504 MUST
   be returned.

   If the server experiences an internal fault or problem that means it
   is unable to carry out the command (for example, a necessary file is
   missing or a necessary service could not be contacted), the response
   code 403 MUST be returned.  If the server recognizes the command but
   does not provide an optional feature (for example, because it does
   not store the required information), or if it only handles a subset
   of legitimate cases (see the HDR command, Section 8.5, for an
   example), the response code 503 MUST be returned.

   If the client is not authorized to use the specified facility when
   the server is in its current state, then the appropriate one of the
   following response codes MUST be used.

   502: It is necessary to terminate the connection and to start a new
      one with the appropriate authority before the command can be used.
      Historically, some mode-switching servers (see Section 3.4.1) used
      this response to indicate that this command will become available
      after the MODE READER command (Section 5.3) is used, but this
      usage does not conform to this specification and MUST NOT be used.
      Note that the server MUST NOT close the connection immediately
      after a 502 response except at the initial connection
      (Section 5.1) and with the MODE READER command.

   480: The client must authenticate itself to the server (that is, it
      must provide information as to the identity of the client) before
      the facility can be used on this connection.  This will involve
      the use of an authentication extension such as [NNTP-AUTH].

   483: The client must negotiate appropriate privacy protection on the
      connection.  This will involve the use of a privacy extension such
      as [NNTP-TLS].

   401: The client must change the state of the connection in some other
      manner.  The first argument of the response MUST be the capability
      label (see Section 5.2) of the facility that provides the
      necessary mechanism (usually an extension, which may be a private
      extension).  The server MUST NOT use this response code except as
      specified by the definition of the capability in question.

   If the server has to terminate the connection for some reason, it
   MUST give a 400 response code to the next command and then
   immediately close the connection.  Following a 400 response, clients
   SHOULD NOT simply reconnect immediately and retry the same actions.
   Rather, a client SHOULD either use an exponentially increasing delay
   between retries (e.g., double the waiting time after each 400
Top   ToC   RFC3977 - Page 12
   response) or present any associated text to the user for them to
   decide whether and when to retry.

   The client MUST be prepared to receive any of these responses for any
   command (except, of course, that the server MUST NOT generate a 500
   response code for mandatory commands).

3.2.1.1. Examples
Example of an unknown command: [C] MAIL [S] 500 Unknown command Example of an unsupported command: [C] CAPABILITIES [S] 101 Capability list: [S] VERSION 2 [S] READER [S] NEWNEWS [S] LIST ACTIVE NEWSGROUPS [S] . [C] OVER [S] 500 Unknown command Example of an unsupported variant: [C] MODE POSTER [S] 501 Unknown MODE option Example of a syntax error: [C] ARTICLE a.message.id@no.angle.brackets [S] 501 Syntax error Example of an overlong command line: [C] HEAD 53 54 55 [S] 501 Too many arguments Example of a bad wildmat: [C] LIST ACTIVE u[ks].* [S] 501 Syntax error
Top   ToC   RFC3977 - Page 13
   Example of a base64-encoding error (the second argument is meant to
   be base64 encoded):

      [C] XENCRYPT RSA abcd=efg
      [S] 504 Base64 encoding error

   Example of an attempt to access a facility not available to this
   connection:

      [C] MODE READER
      [S] 200 Reader mode, posting permitted
      [C] IHAVE <i.am.an.article.you.will.want@example.com>
      [S] 500 Permission denied

   Example of an attempt to access a facility requiring authentication:

      [C] GROUP secret.group
      [S] 480 Permission denied

   Example of a successful attempt following such authentication:

      [C] XSECRET fred flintstone
      [S] 290 Password for fred accepted
      [C] GROUP secret.group
      [S] 211 5 1 20 secret.group selected

   Example of an attempt to access a facility requiring privacy:

      [C] GROUP secret.group
      [S] 483 Secure connection required
      [C] XENCRYPT
      [Client and server negotiate encryption on the link]
      [S] 283 Encrypted link established
      [C] GROUP secret.group
      [S] 211 5 1 20 secret.group selected

   Example of a need to change mode before a facility is used:

      [C] GROUP binary.group
      [S] 401 XHOST Not on this virtual host
      [C] XHOST binary.news.example.org
      [S] 290 binary.news.example.org virtual host selected
      [C] GROUP binary.group
      [S] 211 5 1 77 binary.group selected
Top   ToC   RFC3977 - Page 14
   Example of a temporary failure:

      [C] GROUP archive.local
      [S] 403 Archive server temporarily offline

   Example of the server needing to close down immediately:

      [C] ARTICLE 123
      [S] 400 Power supply failed, running on UPS
      [Server closes connection.]

3.3. Capabilities and Extensions

Not all NNTP servers provide exactly the same facilities, both because this specification allows variation and because servers may provide extensions. A set of facilities that are related are called a "capability". This specification provides a way to determine what capabilities are available, includes a list of standard capabilities, and includes a mechanism (the extension mechanism) for defining new capabilities.

3.3.1. Capability Descriptions

A client can determine the available capabilities of the server by using the CAPABILITIES command (Section 5.2). This returns a capability list, which is a list of capability lines. Each line describes one available capability. Each capability line consists of one or more tokens, which MUST be separated by one or more space or TAB characters. A token is a string of 1 or more printable UTF-8 characters (that is, either printable US-ASCII characters or any UTF-8 sequence outside the US- ASCII range, but not space or TAB). Unless stated otherwise, tokens are case insensitive. Each capability line consists of the following: o The capability label, which is a keyword indicating the capability. A capability label may be defined by this specification or a successor, or by an extension. o The label is then followed by zero or more tokens, which are arguments of the capability. The form and meaning of these tokens is specific to each capability. The server MUST ensure that the capability list accurately reflects the capabilities (including extensions) currently available. If a capability is only available with the server in a certain state (for example, only after authentication), the list MUST only include the
Top   ToC   RFC3977 - Page 15
   capability label when the server is in that state.  Similarly, if
   only some of the commands in an extension will be available, or if
   the behaviour of the extension will change in some other manner,
   according to the state of the server, this MUST be indicated by
   different arguments in the capability line.

   Note that a capability line can only begin with a letter.  Lines
   beginning with other characters are reserved for future versions of
   this specification.  In order to interoperate with such versions,
   clients MUST be prepared to receive lines beginning with other
   characters and MUST ignore any they do not understand.

3.3.2. Standard Capabilities

The following capabilities are defined by this specification. VERSION This capability MUST be advertised by all servers and MUST be the first capability in the capability list; it indicates the version(s) of NNTP that the server supports. There must be at least one argument; each argument is a decimal number and MUST NOT have a leading zero. Version numbers are assigned only in RFCs that update or replace this specification; servers MUST NOT create their own version numbers. The version number of this specification is 2. READER This capability indicates that the server implements the various commands useful for reading clients. IHAVE This capability indicates that the server implements the IHAVE command. POST This capability indicates that the server implements the POST command. NEWNEWS This capability indicates that the server implements the NEWNEWS command. HDR This capability indicates that the server implements the header access commands (HDR and LIST HEADERS).
Top   ToC   RFC3977 - Page 16
   OVER
      This capability indicates that the server implements the overview
      access commands (OVER and LIST OVERVIEW.FMT).  If and only if the
      server supports the message-id form of the OVER command, there
      must be a single argument MSGID.

   LIST
      This capability indicates that the server implements at least one
      variant of the LIST command.  There MUST be one argument for each
      variant of the LIST command supported by the server, giving the
      keyword for that variant.

   IMPLEMENTATION
      This capability MAY be provided by a server.  If so, the arguments
      SHOULD be used to provide information such as the server software
      name and version number.  The client MUST NOT use this line to
      determine capabilities of the server.  (While servers often
      provide this information in the initial greeting, clients need to
      guess whether this is the case; this capability makes it clear
      what the information is.)

   MODE-READER
      This capability indicates that the server is mode-switching
      (Section 3.4.2) and that the MODE READER command needs to be used
      to enable the READER capability.

3.3.3. Extensions

Although NNTP is widely and robustly deployed, some parts of the Internet community might wish to extend the NNTP service. It must be emphasized that any extension to NNTP should not be considered lightly. NNTP's strength comes primarily from its simplicity. Experience with many protocols has shown that: Protocols with few options tend towards ubiquity, whilst protocols with many options tend towards obscurity. This means that each and every extension, regardless of its benefits, must be carefully scrutinized with respect to its implementation, deployment, and interoperability costs. In many cases, the cost of extending the NNTP service will likely outweigh the benefit. An extension is a package of associated facilities, often but not always including one or more new commands. Each extension MUST define at least one new capability label (this will often, but need not, be the name of one of these new commands). While any additional capability information can normally be specified using arguments to
Top   ToC   RFC3977 - Page 17
   that label, an extension MAY define more than one capability label.
   However, this SHOULD be limited to exceptional circumstances.

   An extension is either a private extension, or its capabilities are
   included in the IANA registry of capabilities (see Section 3.3.4) and
   it is defined in an RFC (in which case it is a "registered
   extension").  Such RFCs either must be on the standards track or must
   define an IESG-approved experimental protocol.

   The definition of an extension must include the following:

   o  a descriptive name for the extension.

   o  the capability label or labels defined by the extension (the
      capability label of a registered extension MUST NOT begin with
      "X").

   o  The syntax, values, and meanings of any arguments for each
      capability label defined by the extension.

   o  Any new NNTP commands associated with the extension (the names of
      commands associated with registered extensions MUST NOT begin with
      "X").

   o  The syntax and possible values of arguments associated with the
      new NNTP commands.

   o  The response codes and possible values of arguments for the
      responses of the new NNTP commands.

   o  Any new arguments the extension associates with any other
      pre-existing NNTP commands.

   o  Any increase in the maximum length of commands and initial
      response lines over the value specified in this document.

   o  A specific statement about the effect on pipelining that this
      extension may have (if any).

   o  A specific statement about the circumstances when use of this
      extension can alter the contents of the capabilities list (other
      than the new capability labels it defines).

   o  A specific statement about the circumstances under which the
      extension can cause any pre-existing command to produce a 401,
      480, or 483 response.
Top   ToC   RFC3977 - Page 18
   o  A description of how the use of MODE READER on a mode-switching
      server interacts with the extension.

   o  A description of how support for the extension affects the
      behaviour of a server and NNTP client in any other manner not
      outlined above.

   o  Formal syntax as described in Section 9.9.

   A private extension MAY or MAY NOT be included in the capabilities
   list.  If it is, the capability label MUST begin with "X".  A server
   MAY provide additional keywords (for new commands and also for new
   variants of existing commands) as part of a private extension.  To
   avoid the risk of a clash with a future registered extension, these
   keywords SHOULD begin with "X".

   If the server advertises a capability defined by a registered
   extension, it MUST implement the extension so as to fully conform
   with the specification (for example, it MUST implement all the
   commands that the extension describes as mandatory).  If it does not
   implement the extension as specified, it MUST NOT list the extension
   in the capabilities list under its registered name.  In that case, it
   MAY, but SHOULD NOT, provide a private extension (not listed, or
   listed with a different name) that implements part of the extension
   or implements the commands of the extension with a different meaning.

   A server MUST NOT send different response codes to basic NNTP
   commands documented here or to commands documented in registered
   extensions in response to the availability or use of a private
   extension.

3.3.4. Initial IANA Register

IANA will maintain a registry of NNTP capability labels. All capability labels in the registry MUST be keywords and MUST NOT begin with X.
Top   ToC   RFC3977 - Page 19
   The initial content of the registry consists of these entries:

   +-------------------+--------------------------+--------------------+
   | Label             | Meaning                  | Definition         |
   +-------------------+--------------------------+--------------------+
   | AUTHINFO          | Authentication           | [NNTP-AUTH]        |
   |                   |                          |                    |
   | HDR               | Batched header retrieval | Section 3.3.2,     |
   |                   |                          | Section 8.5, and   |
   |                   |                          | Section 8.6        |
   |                   |                          |                    |
   | IHAVE             | IHAVE command available  | Section 3.3.2 and  |
   |                   |                          | Section 6.3.2      |
   |                   |                          |                    |
   | IMPLEMENTATION    | Server                   | Section 3.3.2      |
   |                   | implementation-specific  |                    |
   |                   | information              |                    |
   |                   |                          |                    |
   | LIST              | LIST command variants    | Section 3.3.2 and  |
   |                   |                          | Section 7.6.1      |
   |                   |                          |                    |
   | MODE-READER       | Mode-switching server    | Section 3.4.2      |
   |                   | and MODE READER command  |                    |
   |                   | available                |                    |
   |                   |                          |                    |
   | NEWNEWS           | NEWNEWS command          | Section 3.3.2 and  |
   |                   | available                | Section 7.4        |
   |                   |                          |                    |
   | OVER              | Overview support         | Section 3.3.2,     |
   |                   |                          | Section 8.3, and   |
   |                   |                          | Section 8.4        |
   |                   |                          |                    |
   | POST              | POST command available   | Section 3.3.2 and  |
   |                   |                          | Section 6.3.1      |
   |                   |                          |                    |
   | READER            | Reader commands          | Section 3.3.2      |
   |                   | available                |                    |
   |                   |                          |                    |
   | SASL              | Supported SASL           | [NNTP-AUTH]        |
   |                   | mechanisms               |                    |
   |                   |                          |                    |
   | STARTTLS          | Transport layer security | [NNTP-TLS]         |
   |                   |                          |                    |
   | STREAMING         | Streaming feeds          | [NNTP-STREAM]      |
   |                   |                          |                    |
   | VERSION           | Supported NNTP versions  | Section 3.3.2      |
   +-------------------+--------------------------+--------------------+
Top   ToC   RFC3977 - Page 20

3.4. Mandatory and Optional Commands

For a number of reasons, not all the commands in this specification are mandatory. However, it is equally undesirable for every command to be optional, since this means that a client will have no idea what facilities are available. Therefore, as a compromise, some of the commands in this specification are mandatory (they must be supported by all servers) while the remainder are not. The latter are then subdivided into bundles, each indicated by a single capability label. o If the label is included in the capability list returned by the server, the server MUST support all commands in that bundle. o If the label is not included, the server MAY support none or some of the commands but SHOULD NOT support all of them. In general, there will be no way for a client to determine which commands are supported without trying them. The bundles have been chosen to provide useful functionality, and therefore server authors are discouraged from implementing only part of a bundle. The description of each command will either indicate that it is mandatory, or will give, using the term "indicating capability", the capability label indicating whether the bundle including this command is available. Where a server does not implement a command, it MUST always generate a 500 generic response code (or a 501 generic response code in the case of a variant of a command depending on a second keyword where the base command is recognised). Otherwise, the command MUST be fully implemented as specified; a server MUST NOT only partially implement any of the commands in this specification. (Client authors should note that some servers not conforming to this specification will return a 502 generic response code to some commands that are not implemented.) Note: some commands have cases that require other commands to be used first. If the former command is implemented but the latter is not, the former MUST still generate the relevant specific response code. For example, if ARTICLE (Section 6.2.1) is implemented but GROUP (Section 6.1.1) is not, the correct response to "ARTICLE 1234" remains 412.
Top   ToC   RFC3977 - Page 21

3.4.1. Reading and Transit Servers

NNTP is traditionally used in two different ways. The first use is "reading", where the client fetches articles from a large store maintained by the server for immediate or later presentation to a user and sends articles created by that user back to the server (an action called "posting") to be stored and distributed to other stores and users. The second use is for the bulk transfer of articles from one store to another. Since the hosts making this transfer tend to be peers in a network that transmit articles among one another, and not end-user systems, this process is called "peering" or "transit". (Even so, one host is still the client and the other is the server). In practice, these two uses are so different that some server implementations are optimised for reading or for transit and, as a result, do not offer the other facility or only offer limited features. Other implementations are more general and offer both. This specification allows for this by bundling the relevant commands accordingly: the IHAVE command is designed for transit, while the commands indicated by the READER capability are designed for reading clients. Except as an effect of the MODE READER command (Section 5.3) on a mode-switching server, once a server advertises either or both of the IHAVE or READER capabilities, it MUST continue to advertise them for the entire session. A server MAY provide different modes of behaviour (transit, reader, or a combination) to different client connections and MAY use external information, such as the IP address of the client, to determine which mode to provide to any given connection. The official TCP port for the NNTP service is 119. However, if a host wishes to offer separate servers for transit and reading clients, port 433 SHOULD be used for the transit server and 119 for the reading server.

3.4.2. Mode Switching

An implementation MAY, but SHOULD NOT, provide both transit and reader facilities on the same server but require the client to select which it wishes to use. Such an arrangement is called a "mode-switching" server.
Top   ToC   RFC3977 - Page 22
   A mode-switching server has two modes:

   o  Transit mode, which applies after the initial connection.

      *  It MUST advertise the MODE-READER capability.

      *  It MUST NOT advertise the READER capability.

      However, the server MAY cease to advertise the MODE-READER
      capability after the client uses any command except CAPABILITIES.

   o  Reading mode, after a successful MODE READER command (see Section
      5.3).

      *  It MUST NOT advertise the MODE-READER capability.

      *  It MUST advertise the READER capability.

      *  It MAY NOT advertise the IHAVE capability, even if it was
         advertising it in transit mode.

   A client SHOULD only issue a MODE READER command to a server if it is
   advertising the MODE-READER capability.  If the server does not
   support CAPABILITIES (and therefore does not conform to this
   specification), the client MAY use the following heuristic:

   o  If the client wishes to use any "reader" commands, it SHOULD use
      the MODE READER command immediately after the initial connection.

   o  Otherwise, it SHOULD NOT use the MODE READER command.

   In each case, it should be prepared for some commands to be
   unavailable that would have been available if it had made the other
   choice.

3.5. Pipelining

NNTP is designed to operate over a reliable bi-directional connection, such as TCP. Therefore, if a command does not depend on the response to the previous one, it should not matter if it is sent before that response is received. Doing this is called "pipelining". However, certain server implementations throw away all text received from the client following certain commands before sending their response. If this happens, pipelining will be affected because one or more commands will have been ignored or misinterpreted, and the client will be matching the wrong responses to each command. Since there are significant benefits to pipelining, but also circumstances where it is reasonable or common for servers to behave in the above
Top   ToC   RFC3977 - Page 23
   manner, this document puts certain requirements on both clients and
   servers.

   Except where stated otherwise, a client MAY use pipelining.  That is,
   it may send a command before receiving the response for the previous
   command.  The server MUST allow pipelining and MUST NOT throw away
   any text received after a command.  Irrespective of whether
   pipelining is used, the server MUST process commands in the order
   they are sent.

   If the specific description of a command says it "MUST NOT be
   pipelined", that command MUST end any pipeline of commands.  That is,
   the client MUST NOT send any following command until it receives the
   CRLF at the end of the response from the command.  The server MAY
   ignore any data received after the command and before the CRLF at the
   end of the response is sent to the client.

   The initial connection must not be part of a pipeline; that is, the
   client MUST NOT send any command until it receives the CRLF at the
   end of the greeting.

   If the client uses blocking system calls to send commands, it MUST
   ensure that the amount of text sent in pipelining does not cause a
   deadlock between transmission and reception.  The amount of text
   involved will depend on window sizes in the transmission layer;
   typically, it is 4k octets for TCP.  (Since the server only sends
   data in response to commands from the client, the converse problem
   does not occur.)

3.5.1. Examples

Example of correct use of pipelining: [C] GROUP misc.test [C] STAT [C] NEXT [S] 211 1234 3000234 3002322 misc.test [S] 223 3000234 <45223423@example.com> retrieved [S] 223 3000237 <668929@example.org> retrieved Example of incorrect use of pipelining (the MODE READER command may not be pipelined): [C] MODE READER [C] DATE [C] NEXT [S] 200 Server ready, posting allowed [S] 223 3000237 <668929@example.org> retrieved
Top   ToC   RFC3977 - Page 24
   The DATE command has been thrown away by the server, so there is no
   111 response to match it.

3.6. Articles

NNTP is intended to transfer articles between clients and servers. For the purposes of this specification, articles are required to conform to the rules in this section, and clients and servers MUST correctly process any article received from the other that does so. Note that this requirement applies only to the contents of communications over NNTP; it does not prevent the client or server from subsequently rejecting an article for reasons of local policy. Also see Appendix A for further restrictions on the format of articles in some uses of NNTP. An article consists of two parts: the headers and the body. They are separated by a single empty line, or in other words by two consecutive CRLF pairs (if there is more than one empty line, the second and subsequent ones are part of the body). In order to meet the general requirements of NNTP, an article MUST NOT include the octet NUL, MUST NOT contain the octets LF and CR other than as part of a CRLF pair, and MUST end with a CRLF pair. This specification puts no further restrictions on the body; in particular, it MAY be empty. The headers of an article consist of one or more header lines. Each header line consists of a header name, a colon, a space, the header content, and a CRLF, in that order. The name consists of one or more printable US-ASCII characters other than colon and, for the purposes of this specification, is not case sensitive. There MAY be more than one header line with the same name. The content MUST NOT contain CRLF; it MAY be empty. A header may be "folded"; that is, a CRLF pair may be placed before any TAB or space in the line. There MUST still be some other octet between any two CRLF pairs in a header line. (Note that folding means that the header line occupies more than one line when displayed or transmitted; nevertheless, it is still referred to as "a" header line.) The presence or absence of folding does not affect the meaning of the header line; that is, the CRLF pairs introduced by folding are not considered part of the header content. Header lines SHOULD NOT be folded before the space after the colon that follows the header name and SHOULD include at least one octet other than %x09 or %x20 between CRLF pairs. However, if an article that fails to satisfy this requirement has been received from elsewhere, clients and servers MAY transfer it to each other without re-folding it.
Top   ToC   RFC3977 - Page 25
   The content of a header SHOULD be in UTF-8.  However, if an
   implementation receives an article from elsewhere that uses octets in
   the range 128 to 255 in some other manner, it MAY pass it to a client
   or server without modification.  Therefore, implementations MUST be
   prepared to receive such headers, and data derived from them (e.g.,
   in the responses from the OVER command, Section 8.3), and MUST NOT
   assume that they are always UTF-8.  Any external processing of those
   headers, including identifying the encoding used, is outside the
   scope of this document.

   Each article MUST have a unique message-id; two articles offered by
   an NNTP server MUST NOT have the same message-id.  For the purposes
   of this specification, message-ids are opaque strings that MUST meet
   the following requirements:

   o  A message-id MUST begin with "<", end with ">", and MUST NOT
      contain the latter except at the end.

   o  A message-id MUST be between 3 and 250 octets in length.

   o  A message-id MUST NOT contain octets other than printable US-ASCII
      characters.

   Two message-ids are the same if and only if they consist of the same
   sequence of octets.

   This specification does not describe how the message-id of an article
   is determined.  If the server does not have any way to determine a
   message-id from the article itself, it MUST synthesize one (this
   specification does not require that the article be changed as a
   result).  See also Appendix A.2.



(page 25 continued on part 2)

Next Section