Subject: Re: rfc2228 in ftpd
To: Steven M. Bellovin <smb@research.att.com>
From: Perry E. Metzger <perry@piermont.com>
List: tech-userlevel
Date: 06/23/2002 23:27:21
"Steven M. Bellovin" <smb@research.att.com> writes:
> In message <87znxljs27.fsf@snark.piermont.com>, "Perry E. Metzger" writes:
> >Yah, but it has never gotten past Proposed to Draft, and I'm unaware
> >of implementations. At the time it was written, the world was very
> >different, and rolling (mostly) your own security transport was
> >common. Now everyone Just Uses SSL. The question in my mind is, given
> >the utter lack of implementations, do we want something where we've
> >got a whole new protocol with potential holes, or do we Just Use SSL
> >so we can piggy back on its properties?
> >
> >Steve, you're a Security AD. What's your opinion?
>
> As I said, I have no idea if anyone else has implemented it, modulo the
> note from Ken Hornstein.
>
> But don't read too much -- or too little -- into the fact that it's a
> Proposed Standard.
I'm well aware of that. I'm more interested in the question of whether
or not Yet Another Security Mechanism is a good idea.
Perry