IETF-SSH archive


Re: Do we have standards available for scp ??



On Tue, Jan 15, 2002 at 03:04:18PM -0500, Andrew Brown wrote:
> >> >> Frankly, it would be also good to document RCP and to have a lengthy
> >> >> description of why RCP is a bad idea operationally (e.g. list of
> >> >> security risks with RCP) and even suggest using SCP instead (to
> >> >> reduce security risks).
> >> >
> >> >But SCP == RCP (the protocols), so either _both_ are secure
> >> >or _none_.
> >> 
> >> well...yes and no.  they are almost the same, but there are also
> >> places where they differ radically, depending on your point of view.
> >> for example, in the source() routine of my netbsd-current rcp:
> >
> >well, that's not really a protocol issue.
> 
> not an ssh protocol issue, certainly, but how scp or rcp talks to the
> other end is.  using fsecure's scp to copy a five gigabyte file from
> an x86 machine to an alpha won't work very well.  that's an *scp*
> protocol failure, and that implies to me that there ought to be some
> simple guidelines.

Really, the only thing wrong with F-secure's scp is that it's *REALLY OLD*.
It is missing bugfixes that went into BSD's rcp about a decade ago.  Indeed,
'rcp' of the 4.2BSD era will not work correctly between an x86 and an Alpha.

I have an Informational RFC on 'rcp' pretty much ready (FWIW, I document the
modern version of the protocol, not the ancient version F-Secure used for
their scp; generally, these interoperate, except in conditions like the one
Andrew describes above) but there was highly negative reaction last time I
mentioned that on this list so I decided not to spend more time on it.  Did
I misapprehend the general feeling about this subject?



