Re: [apps-discuss] Missing IANA Considerations for TFTP

John C Klensin <john-ietf@jck.com> Mon, 22 August 2011 07:26 UTC

Date: Mon, 22 Aug 2011 03:27:48 -0400
From: John C Klensin <john-ietf@jck.com>
To: Harald Alvestrand <harald@alvestrand.no>, Mykyta Yevstifeyev <evnikita2@gmail.com>
Cc: Apps-discuss list <apps-discuss@ietf.org>

--On Monday, August 22, 2011 08:01 +0200 Harald Alvestrand
<harald@alvestrand.no> wrote:

> TFTP is a protocol of ultimate stupidity^^^^naivete, made for
> a simpler and less paranoid world; why do you want to touch it
> at all?
> 
> As to why the protocol action from May 1998 does not mention
> IANA considerations - this was before the IANA considerations
> got completely institutionalized - RFC 2434 was still 5 months
> in the future.
>...
> My recommendation: It's been 15 years or more since someone
> really cared about these non-registries. Let this particular
> corpse sleep in peace.

+1

I would add two things to Harald's comments:

-- Historically, we rarely created IANA registries for protocol
options unless we expected an ongoing series of added options.
As an example, the FTP registry created by RFC 5797 arguably
should have been created when a formal extension mechanism was
established in RFC 3659, but none was established earlier
despite the fact that the authors of RFC 959 could have
established such a registry with no external approval action
whatsoever.

-- Because TFTP lacks even rudimentary, symbolic, security
mechanisms, it is unsuited for use on the public Internet.  If
it is appropriate for any use at all any more, it is for
well-protected LANs and walled gardens with really high and
effective walls.  If someone wanted to put in energy on TFTP
today, I think that energy would be better spent in a good
security analysis and set of recommendations as to how to use it
safely.   Such a document would probably be difficult to write
unless one took the easy path of a document that, boilerplate
and structure aside, would consist of one line: "Just say 'no'".

   john