Firewall Wizards mailing list archives

Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U)


From: Joseph S D Yao <jsdy () center osis gov>
Date: Fri, 5 Apr 2002 11:36:49 -0500

On Thu, Apr 04, 2002 at 09:04:01AM -0500, Marcus J. Ranum wrote:
Matt Curtin wrote:
Does sftp(1) do what you're looking for?

In a simple view, yes. It's a replacement for ftp, and it's better than
ftp. That's a good thing.

It's still not a Very Good Thing - what we _really_ need is security
protocol unification. Why do we have sftp, ssh, ssl, etc, etc - what
the Internet really needs is a decent set of tools built atop a common
security protocol including common authorization, common encryption,
common authentication, etc. That way there's one place to upgrade and
one place to maintain code. Right now we're doing the right thing but
we're going about it the wrong way.

Hmmm.  What about strength in diversity?  If we have good implementations
of a number of security protocols, each better than the others at
some things but not others, then (a) folks could use the right tool for
the right job, and (b) if someone finds a bug in library X, then we
don't have a vulnerability in ALL our security tools at once.

Eh?  ;-)

-- 
Joe Yao                         jsdy () center osis gov - Joseph S. D. Yao
OSIS Center Systems Support                                     EMT-B
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

