Re: Suggested extension

[Peter Eriksson <pen@lysator.liu.se>]

Ned Freed <NED@SIGURD.INNOSOFT.COM> writes:

> Just because this particular extension doesn't offer much exposure (i.e.
> the password doesn't protect anything that important) is no excuse for
> deploying another clear-text-password scheme on the Internet. Such schemes
> should be carefully limited to the essential cases, since fixing them
> later is quite costly.

Fine by me. Perhaps I shouldn't have called that field "password" but
rather something else. I included it since I thought that either way
one would need a placeholder for some kind of authentication
information.

The exact method of how to do the authentication could very well be
implemented locally since after all this will be a feature used only
locally.

I've had a suggestion that the format for "extended" requests should
be changed from:

   <Port#> , <Port#> : <Request-Type> : <Additional-Info>

into:

   <Request-Type> : <Additional-Info>

Where <Request-Type> can be "REMOTE" and then <Additional-Info> will
be something like:

   <Port#> , <Port#> : <IP#> , <Password-or-key-or-whatever>

(and the last ", <Pass...ever>" part is optional). Some examples
to valid requests then:

	42 , 4711
	REMOTE : 42 , 4711 : 130.236.254.22
	REMOTE : 42 , 4711 : 130.236.254.22 , xyzzy

(This has the additional good feature that it will make old
servers that doesn't understand extended requests return an error
in *all* cases.)


I still don't know if it is correct to discuss extensions to the
protocol on this list or not. Please let me know if I should take this
discussion to some other list.

/Peter

Peter Eriksson                                              pen@lysator.liu.se
Lysator Academic Computer Society                 ...!uunet!lysator.liu.se!pen
University of Linkoping, Sweden                I'm still bored. Flame me again.