Re: A future for the SSH File Transfer Protocol?

To: Damien Miller <djm%mindrot.org@localhost>
Subject: Re: A future for the SSH File Transfer Protocol?
From: Anthony DeRobertis <asd%suespammers.org@localhost>
Date: Sun, 11 Nov 2001 21:09:17 -0500


On Sunday, November 11, 2001, at 08:07 , Damien Miller wrote:


- Inability to do basic filesystem operations (e.g. rename)
- Inability to access parts of files, or continue aborted transfers


Those are issues, especially the second. But that's not rcp anymore.


You really want to have a protocol which forces clients to include code
to protect from a hostile server?

I think, by definition, cryptographic implementations must. Andwe've certainly seen a bunch of mistakes (ssh1, for example). Ithink that's a lot harder than making sure returned file namesmatch the glob.

But, sure, if we didn't have to do that, that'd be great. I justwanted to point out that is not a fatal flaw.

If we are going to change a 10+ y/o protocol, why not justwrite a new onewithout the (many) inherent flaws. Even better, why not justtweak the one
that has _already been written and implemented_.


No problem with either of those.


Why are we discussing requirements on somethings that is already
specified and widely deployed?

Because we're talking about extending it? I'd think would be agood idea to specify what is being accomplished by the protocolbefore extending it.

References:
- Re: A future for the SSH File Transfer Protocol?
  - From: Damien Miller

Prev by Date: Re: A future for the SSH File Transfer Protocol?
Next by Date: Re: A future for the SSH File Transfer Protocol?
Previous by Thread: Re: A future for the SSH File Transfer Protocol?
Next by Thread: Re: A future for the SSH File Transfer Protocol?
Indexes:

Home | Main Index | Thread Index | Old Index