Subject: Re: rfc2228 in ftpd
To: Steven M. Bellovin <email@example.com>
From: Perry E. Metzger <firstname.lastname@example.org>
Date: 06/23/2002 23:27:21
"Steven M. Bellovin" <email@example.com> writes:
> In message <firstname.lastname@example.org>, "Perry E. Metzger" writes:
> >Yah, but it has never gotten past Proposed to Draft, and I'm unaware
> >of implementations. At the time it was written, the world was very
> >different, and rolling (mostly) your own security transport was
> >common. Now everyone Just Uses SSL. The question in my mind is, given
> >the utter lack of implementations, do we want something where we've
> >got a whole new protocol with potential holes, or do we Just Use SSL
> >so we can piggy back on its properties?
> >Steve, you're a Security AD. What's your opinion?
> As I said, I have no idea if anyone else has implemented it, modulo the
> note from Ken Hornstein.
> But don't read too much -- or too little -- into the fact that it's a
> Proposed Standard.
I'm well aware of that. I'm more interested in the question of whether
or not Yet Another Security Mechanism is a good idea.