Re: Do we have standards available for scp ??

[Andrew Brown <atatat%atatdot.net@localhost>]

>> >> Frankly, it would be also good to document RCP and to have a lengthy
>> >> description of why RCP is a bad idea operationally (e.g. list of
>> >> security risks with RCP) and even suggest using SCP instead (to
>> >> reduce security risks).
>> >
>> >But SCP == RCP (the protocols), so either _both_ are secure
>> >or _none_.
>> 
>> well...yes and no.  they are almost the same, but there are also
>> places where they differ radically, depending on your point of view.
>> for example, in the source() routine of my netbsd-current rcp:
>
>well, that's not really a protocol issue.

not an ssh protocol issue, certainly, but how scp or rcp talks to the
other end is.  using fsecure's scp to copy a five gigabyte file from
an x86 machine to an alpha won't work very well.  that's an *scp*
protocol failure, and that implies me that there ought to be some
simple guidelines.

>> >Well, documenting SCP means documenting RCP.
>> 
>> otoh, an existing document covering rcp would make the scp document a
>> lot easier.
>
>sure.
>
>I just wonder why nobody seems to care about core protocol issues,
>but everybody cares about scp.

because a lot of people like it?

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior%daemon.org@localhost             * "ah!  i see you have the internet
twofsonet%graffiti.com@localhost (Andrew Brown)                that goes *ping*!"
andrew%crossbar.com@localhost       * "information is power -- share the wealth."