IETF-SSH archive
Re: A future for the SSH File Transfer Protocol?
On Sun, 11 Nov 2001, Anthony DeRobertis wrote:
>
> On Sunday, November 11, 2001, at 02:35 , Theo de Raadt wrote:
>
> >
> > scp protocol IS rcp protocol. They are 100% the same, and have 100%
> > the same flaws.
>
> IMO, the biggest flaws with rcp are the lack of strong
> authentication and the lack of encryption.
These have already been mentioned:
- Inability to use \n in file names
- Poor error handling
- Serverside globbing
- To be secure a client needs to second-guess the paths sent from the server.
I'll add these:
- Inability to do basic filesystem operations (e.g. rename)
- Inability to access parts of files, or continue aborted transfers
> Running rcp over ssh provides both of those. I am aware of the
> other issues, like file name issues (I've run into them myself);
> and things like the remote side handling expansions can be
> checked on the local side. I don't consider that nearly as
> important as the first two.
You really want to have a protocol which forces clients to include code
to protect from a hostile server? That is asking for insecure
implementations.
> There are also some problems with
> passing metadata (I'm on a Mac at the moment), but those can
> also be taken care of.
If we are going to change a 10+ y/o protocol, why not just write a new one
without the (many) inherent flaws? Even better, why not just tweak the one
that has _already been written and implemented_?
> Now, if sftp is to be more like FTP than rcp, I'd understand
> that. But I don't think 'rcp without flaws' is a very good spec
> of what you're doing.
Why are we discussing requirements on something that is already
specified and widely deployed?
-d
--
| By convention there is color, \\ Damien Miller <djm%mindrot.org@localhost>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
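An added example, not part of the original message or of any SSH implementation: a sketch of the client-side checks that the list item "a client needs to second-guess the paths sent from the server" implies for an rcp/scp receiver. The names `vet_stream`, `check_name` and `HostileRecord`, and the `pattern` argument (the final component of what the client asked for), are assumptions made for illustration.

```python
import fnmatch
import re

# rcp/scp receiving side: the server sends control records, each ended by "\n"
# (which is why a file name cannot contain a newline):
#   C<mode> <size> <name>   regular file      D<mode> 0 <name>   enter directory
#   E                       leave directory   T<mtime> 0 <atime> 0   timestamps
RECORD = re.compile(rb"^([CD])([0-7]{4}) (\d+) ([^\n]+)\n$")
TIMES = re.compile(rb"^T\d+ \d+ \d+ \d+\n$")

class HostileRecord(Exception):
    """Raised when a server record must not be acted on."""

def check_name(name: bytes, pattern: str, top_level: bool) -> str:
    """Validate a file name offered by the server before creating anything."""
    text = name.decode("utf-8", "surrogateescape")
    if text in ("", ".", "..") or "/" in text or "\x00" in text:
        raise HostileRecord(f"path component rejected: {text!r}")
    # Only at the top level can the client compare against what it asked for;
    # the glob was expanded remotely, so it is re-matched locally.
    if top_level and not fnmatch.fnmatchcase(text, pattern):
        raise HostileRecord(f"{text!r} does not match requested {pattern!r}")
    return text

def vet_stream(records, pattern: str, recursive: bool = False):
    """Return the (kind, mode, size, relative path) entries safe to create."""
    accepted, stack = [], []
    for raw in records:
        if TIMES.match(raw):
            continue
        if raw == b"E\n":
            if not stack:
                raise HostileRecord("E record with no open directory")
            stack.pop()
            continue
        m = RECORD.match(raw)
        if m is None:
            raise HostileRecord(f"malformed record: {raw!r}")
        kind, mode, size, name = m.groups()
        text = check_name(name, pattern, top_level=not stack)
        if kind == b"D" and not recursive:
            raise HostileRecord("directory sent for a non-recursive copy")
        accepted.append((kind.decode(), int(mode, 8), int(size), "/".join(stack + [text])))
        if kind == b"D":
            stack.append(text)
    return accepted
```

`fnmatch` does not reproduce everything a remote shell can expand (brace expansion, for example), so a local re-match of this kind can also reject legitimate results of server-side globbing.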