Subject: Re: rfc2228 in ftpd
To: Steven M. Bellovin <>
From: Perry E. Metzger <>
List: tech-userlevel
Date: 06/23/2002 23:27:21
"Steven M. Bellovin" <> writes:
> In message <>, "Perry E. Metzger" writes:
> >Yah, but it has never gotten past Proposed to Draft, and I'm unaware
> >of implementations.  At the time it was written, the world was very
> >different, and rolling (mostly) your own security transport was
> >common. Now everyone Just Uses SSL. The question in my mind is, given
> >the utter lack of implementations, do we want something where we've
> >got a whole new protocol with potential holes, or do we Just Use SSL
> >so we can piggy back on its properties?
> >
> >Steve, you're a Security AD. What's your opinion?
> As I said, I have no idea if anyone else has implemented it, modulo the 
> note from Ken Hornstein.
> But don't read too much -- or too little -- into the fact that it's a 
> Proposed Standard.

I'm well aware of that. I'm more interested in the question of whether
or not Yet Another Security Mechanism is a good idea.