IETF Logo Mail Archive

Re: Telnet and FTP to Historic

Christian de Larrinaga <cdel@firsthand.net> Thu, 03 December 2020 11:13 UTC

Return-Path: <cdel@firsthand.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B03D13A03F3 for <ietf@ietfa.amsl.com>; Thu, 3 Dec 2020 03:13:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.319
X-Spam-Level:
X-Spam-Status: No, score=-1.319 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=firsthand.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wcPN6cTp9Pi0 for <ietf@ietfa.amsl.com>; Thu, 3 Dec 2020 03:13:42 -0800 (PST)
Received: from tranquility.default.cdelarrinaga.uk0.bigv.io (tranquility.default.cdelarrinaga.uk0.bigv.io [IPv6:2001:41c8:51:8b8::184]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5D893A0317 for <ietf@ietf.org>; Thu, 3 Dec 2020 03:13:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=firsthand.net; s=tranquility; h=Content-Type:MIME-Version:Message-ID:Date:In-reply-to:Reply-To:Subject:Cc:To:From:References; bh=2yqfAgiIN63A7i8kvQvfiekAaIvOgr7opBvoNFv1YdY=; b=e5WG5vuq4NHSA7xocVaQ3oNzyBlIr4hROorOBF7PpWzH5xAO1qMmyoHJfyJ9IfMOTqC5osHVMPpFVM4zDatVDrmpakb24AVQD16b7eOQ/eKEl2d6p4b/fqxQ6Ded3O0v7pfehsosuWZWdn7Wa3fr/+vycpGwy7qVD+MYauv+Jkw=;
Received: from 60.88.155.90.in-addr.arpa ([90.155.88.60] helo=christian-yoga) by tranquility.default.cdelarrinaga.uk0.bigv.io with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <cdel@firsthand.net>) id 1kkmYG-0001wk-ON; Thu, 03 Dec 2020 11:13:32 +0000
References: <AA1E0A8464BC45FB4FA44684@PSB> <2D63A357-E253-462C-864D-2BF96D3E2E18@tzi.org> <F4CD3381C5D0E24C91FC4A91@PSB> <20201201030759.GJ5364@mit.edu> <5720F933910C959C9278EBCF@PSB> <CAMm+LwgpcLxSdzgfJy2441hjNWP=Fui-f8Oq1bZB=2QdZeOUNQ@mail.gmail.com> <0c5a4935-f0b6-4b86-dc0e-3b4466bc09a4@nostrum.com> <F1FF9720-AA72-4B92-ABE7-6E0E875059BA@tzi.org> <16446.1606931808@localhost> <CAMm+Lwj51YLpwZLCxsVeg=6tBwaG845Kg4WN4hbA8Bv=pjjKrQ@mail.gmail.com> <C9D1281FC33DACED4FB385A3@PSB> <6B1BC8E3-913D-4683-A463-AD6099103749@sobco.com> <08035677-a35e-45ed-39e9-b01df6d01010@cs.tcd.ie>
User-agent: mu4e 1.5.5; emacs 28.0.50
From: Christian de Larrinaga <cdel@firsthand.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: "Scott O. Bradner" <sob@sobco.com>, "John C. Klensin" <john-ietf@jck.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Carsten Bormann <cabo@tzi.org>, Phillip Hallam-Baker <phill@hallambaker.com>, ietf@ietf.org
Subject: Re: Telnet and FTP to Historic
Reply-To: cdel@firsthand.net
In-reply-to: <08035677-a35e-45ed-39e9-b01df6d01010@cs.tcd.ie>
Date: Thu, 03 Dec 2020 11:13:32 +0000
Message-ID: <87a6uvrvkz.fsf@firsthand.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/nVS8LfKQwzpbZCLrxIC0DhWprbk>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2020 11:13:46 -0000

there are times when having telnet to test a mail server / email address is helpful?

Happy to have a better sweetie if you can suggest one

C

Stephen Farrell writes:

> Hiya,
>
> On 02/12/2020 23:19, Scott O. Bradner wrote:
>> I fully agree with John
>> 
>> I see no justification to move telnet &/or FTP to historic since they are in use (even if
>> some people would rather that not be the case) and neither presents a clear danger
>> to the proper functioning of the Internet
>
> I gotta wonder about that last. Wouldn't it be credible to
> argue that telnet is in fact a real danger, if one looks at
> all the CVEs that've reported on ports with admin/admin
> access? I'm not sure if it'd be the right thing to do, but
> I do think one can credibly argue that deprecating telnet
> might be worthwhile.
>
> Cheers,
> S.
>
>> 
>> Scott
>> 
>>> On Dec 2, 2020, at 3:57 PM, John C Klensin <john-ietf@jck.com> wrote:
>>>
>>>
>>>
>>> --On Wednesday, December 2, 2020 13:32 -0500 Phillip
>>> Hallam-Baker <phill@hallambaker.com> wrote:
>>>
>>>> ...
>>>> But even if every developer needs to use telnet for debugging
>>>> on a daily basis, that is still no reason for telnet to keep
>>>> its standards status. I would like to see us being more
>>>> aggressive in rendering old protocols obsolete so as to
>>>> encourage new ones. and to discourage continued use of
>>>> insecure protocols.
>>>> ...
>>>
>>> Unless the rules changed when I wasn't looking (Scott should
>>> check me on this), the goal of IETF standards is to define
>>> conditions for interoperability
>>> among those who choose to use them.  Whether incorporated into
>>> the same document or separate, "you should use this in
>>> preference to anything else" or "everyone who wants to part of
>>> the Internet should support this" statements are matters for
>>> Applicability Statements and recommendation levels, not
>>> standards status.  We should not lose sight of the importance of
>>> that distinction, especially because we have had recent working
>>> groups developing protocols for standardization that are of use
>>> to only a tiny fraction of the Internet's users.
>>>
>>> Historically (sic) we have moved standards track protocols,
>>> especially Internet Standards, to Historic only when no one is
>>> using them and expecting implementations to interoperate (see
>>> RFC 4450 for a partial explanation), with, e.g., the ARPANET
>>> Host-IMP protocol as a rather good example.  We have sometimes
>>> moved specifications whose use was already formally deprecated
>>> (even if there was not a spec that said "Not Recommended" as
>>> 2026 anticipated) to Historic for extra emphasis.  Moving a
>>> document to Historic without doing anything else is nothing more
>>> than a statement by the IETF that the specification is of no
>>> further use as a specification.  2026 says "superseded by a more
>>> recent specification or is for any other reason considered to be
>>> obsolete" but that is the _specification_ not the protocol or
>>> its usability.   As long as efforts to discontinue FTP support
>>> in a particular context or mere questions about adding a
>>> response code or features that might improve contemporary
>>> applicability call forth as much impassioned debate as we have
>>> seen recently, whatever that spec is, it is not Historic.
>>>
>>> Keep in mind that the IETF's Standards are voluntary and that,
>>> just as we cannot make anyone implement or use a Standard as we
>>> intend and prefer, we cannot prevent someone from using one of
>>> our specifications just because we have attached a term of shame
>>> to it.  If we don't want someone to use a spec, we need to
>>> explain why in a way that is persuasive to them.
>>>
>>> So, if I understand correctly what you are actually trying to
>>> do, by all means write a spec explaining why no right-minded
>>> person would used FTP and/or Telnet and updating RFC 1123 and
>>> 765 and/or 854 to explicitly identify them as "Not Recommended".
>>> Moving it (and Telnet) to Historic without making that effort
>>> and while they are still in active use in parts of the Internet
>>> and for some purposes would only serve the purpose of further
>>> damaging the IETF's credibility.  And, if your recommended
>>> replacements are not, themselves, IETF Standards, then, IMO, the
>>> damage to credibility would be even greater.
>>>
>>> I will save my opinion for what should be done with such a
>>> spec/proposal if it is written and posted for that event.
>>>
>>> best,
>>>    john
>>>
>>>
>> 


-- 
Christian de Larrinaga 
https://firsthand.net

v2.23.0 | Report a Bug | By Email