Re: Telnet and FTP to Historic
John C Klensin <john-ietf@jck.com> Thu, 03 December 2020 03:23 UTC
Date: Wed, 02 Dec 2020 22:23:03 -0500
From: John C Klensin <john-ietf@jck.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Scott O. Bradner" <sob@sobco.com>
cc: IETF Discussion Mailing List <ietf@ietf.org>
Subject: Re: Telnet and FTP to Historic
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/6h9tQ_jBgPL7Kd6v9Mu83I6dIMU>

--On Wednesday, December 2, 2020 23:28 +0000 Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:

>
> Hiya,
>
> On 02/12/2020 23:19, Scott O. Bradner wrote:
>> I fully agree with John
>>
>> I see no justification to move telnet &/or FTP to historic
>> since they are in use (even if some people would rather that
>> not be the case) and neither presents a clear danger to the
>> proper functioning of the Internet
>
> I gotta wonder about that last. Wouldn't it be credible to
> argue that telnet is in fact a real danger, if one looks at
> all the CVEs that've reported on ports with admin/admin
> access? I'm not sure if it'd be the right thing to do, but
> I do think one can credibly argue that deprecating telnet
> might be worthwhile.

Stephen,

First, at least from my point of view, if you (or anyone else) want to make that argument, go for it. Write the document outlining the pros and cons, point out the risks and damage you have seen, and then let's see if it is still possible to have a mature and intelligent discussion in the IETF about tradeoffs rather than arguments and discussion about these things that seem more to do with passions and biases than reality on the Internet.

Two suggestions to think about as you (or others) are contemplating that:

(1) Reread Section 3.3 of RFC 2026. While I'm not convinced either would be desirable, it seems to me that reclassifying telnet (or FTP) as "Limited Use" by describing the risks and identifying the characteristics of circumstances under which use might be desirable anyway would be far more plausible than trying to make it "not recommended". That might be true of whatever else is a candidate for someone's "I have a way to do that on the web and therefore the original protocol is hopelessly outdated" list [1] as well as some things we have done/specified already. For example, I have worked with several enterprises who think that they need to have the ability to inspect email traffic going in or, especially, out. Some even write employment contracts in which employees are required to explicitly agree to that or not work there. Many of them also believe in the quality of their firewalls, VPNs, and SSH-based tunnels. So, to them, RFC 8314 is unnecessary, a demand for additional overhead, and, to quote one of the relevant people "just plain arrogant". And that brings me to...

(2) People use IETF standards, voluntarily, because they are the only game in town (or think we are - often for something new), because they believe the IETF gives good advice, or both. When we say "do X" to someone who is doing something else or "don't do Y anymore" to someone who is doing Y, knows it, and thinks they have perfectly good reasons (or who doesn't know they are dependent on it until we tell them), the odds of our being ignored are rather high. (Scott's question about telnet and IoT and Jared's application fit in nicely here.) Perhaps more important, we invite that person or organization to say, the next time a proposal to do something according to IETF standards or advice comes up, "They didn't consider our situation, got the previous advice wrong, and were arrogant about it. Why on earth should we trust them with this issue?" If we say "to accomplish this task, don't use our Standard, use this thing we haven't bothered to standardize and for which there are only a couple of implementations instead", the effects might be even worse. I've already heard rumblings like that and assume I'm not the only one.

So, again, if someone wants to write a carefully thought-out document explaining why, under circumstances you can describe, there are better alternatives than telnet, FTP, finger, whois, SMTP, etc.; why they are better; and so on, that might be very helpful. It would be especially so if it avoided making claims that those are all possible circumstances. But the only good justification for deprecating telnet or FTP -- or even making a public claim that no one, at least no one in their right minds, is using them any more -- may involve having a death wish for the IETF.

   john

[1] I know you don't feel that way and apologize if I've misstated that, but many of the recent discussions (more in other threads than this one) have felt more like a culture war than like reasoned technical arguments.