IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Do we have standards available for scp ??




On Tuesday, January 15, 2002, at 09:16  AM, Markus Friedl wrote:
sure, but i don't think rcp can be fixed. it's been
deployed for years (decades?).

"Fixing RCP" isn't the issue here.  Documenting a widely deployed
protocol (e.g. SCP) is the important issue here -- even if that
means the "Security Considerations" section were to be lengthy
with the things that "need fixing" in SCP (if any).

Frankly, it would be also good to document RCP and to have a lengthy
description of why RCP is a bad idea operationally (e.g. list of
security risks with RCP) and even suggest using SCP instead (to
reduce security risks).  That's a bit outside this WG's charter
(potentially, subject to WG Chair decision), whereas documenting SCP
sufficiently to write an interoperable implementation from the RFC
would seem clearly within this WG's charter (also subject to WG Chair
decision).

IMHO,

Ran
rja%extremenetworks.com@localhost




Home | Main Index | Thread Index | Old Index