Re: [apps-discuss] Missing IANA Considerations for TFTP
John C Klensin <john-ietf@jck.com> Mon, 22 August 2011 07:26 UTC
Date: Mon, 22 Aug 2011 03:27:48 -0400
From: John C Klensin <john-ietf@jck.com>
To: Harald Alvestrand <harald@alvestrand.no>, Mykyta Yevstifeyev <evnikita2@gmail.com>
Cc: Apps-discuss list <apps-discuss@ietf.org>

--On Monday, August 22, 2011 08:01 +0200 Harald Alvestrand <harald@alvestrand.no> wrote:

> TFTP is a protocol of ultimate stupidity^^^^naivete, made for
> a simpler and less paranoid world; why do you want to touch it
> at all?
>
> As to why the protocol action from May 1998 does not mention
> IANA considerations - this was before the IANA considerations
> got completely institutionalized - RFC 2434 was still 5 months
> in the future.
>...
> My recommendation: It's been 15 years or more since someone
> really cared about these non-registries. Let this particular
> corpse sleep in peace.

+1

I would add two things to Harald's comments:

-- Historically, we rarely created IANA registries for protocol options unless we expected an ongoing series of added options. As an example, the FTP registry created by RFC 5797 arguably should have been created when a formal extension mechanism was established in RFC 3659, but none was established earlier despite the fact that the authors of RFC 959 could have established such a registry with no external approval action whatsoever.

-- Because TFTP lacks even rudimentary, symbolic, security mechanisms, it is unsuited for use on the public Internet. If it is appropriate for any use at all any more, it is for well-protected LANs and walled gardens with really high and effective walls.

If someone wanted to put in energy on TFTP today, I think that energy would be better spent in a good security analysis and set of recommendations as to how to use it safely. Such a document would probably be difficult to write unless one took the easy path of a document that, boilerplate and structure aside, would consist of one line: "Just say 'no'".

john