DocumentID: OI E400:draft3
ShortTitle: TELNET
LongTitle: OpenISO.org evaluation of TELNET (RFC 854)
Date: 2007-09-10
Working-Group: discuss@OpenISO.org
Editor: Norbert Bollow
About: RFC 854

# OpenISO.org evaluation of TELNET (RFC 854) #

## Summary ##

> The purpose of the TELNET Protocol is to provide a fairly general,
> bi-directional, eight-bit byte oriented communications facility. Its
> primary goal is to allow a standard method of interfacing terminal
> devices and terminal-oriented processes to each other. It is
> envisioned that the protocol may also be used for terminal-terminal
> communication ("linking") and process-process communication
> (distributed computation).

The TELNET Protocol is specified in [RFC 854](/RFC/0854), which is also referred to as "Internet Standard 8 (STD0008)".

The OpenISO.org evaluation of RFC 854 is not yet finished. Unless further concerns about RFC 854 are raised and found to be valid, OpenISO.org will approve RFC 854 as a standard with a rating of "Recommended in some contexts".

The contexts in which use of the TELNET protocol is recommended are as follows:

a) Communication with devices which have sufficient computational resources to implement the TELNET protocol but not enough computational resources to implement cryptographic security features.

b) Contexts where cryptographic security features are provided by lower layers in the network protocol stack.

The TELNET protocol SHOULD NOT be used for communication across untrusted networks unless cryptographic security features are provided by lower layers in the network protocol stack.

## Detailed discussion of concerns ##

In the OpenISO.org evaluation of RFC 854, the following concerns have been raised:

### Security concerns ###

The TELNET protocol does not provide integrity verification or secrecy for the communications which are being transmitted.
For this reason, the protocol can only be recommended for use in contexts where appropriate security measures are taken to protect the communication channel over which the TELNET protocol is operated.

### Alternatives ###

In the context of the unsecured TCP/IP protocols of the IPv4 protocol suite, the TELNET protocol is insecure and the SSH protocol should be used instead for communication over untrusted networks. However, one might argue that SSH provides the security features on the wrong network protocol layer.

### Patent concerns ###

There are no known patent risks that are particular to the use of the TELNET protocol.

### Internationalization concerns ###

The TELNET protocol allows any character encoding, including Unicode character encodings, to be transmitted transparently.

### Complexity concerns ###

The protocol is easy to implement.

## Further remarks ##

### Use of TELNET client implementations in debugging plaintext protocols ###

TELNET client implementations are often used to manually debug and interact with server implementations of simple plaintext protocols such as SMTP or HTTP, by sending plaintext queries and visualizing the responses.

Specifically, if the TELNET client implementation does not by default initiate TELNET option negotiation, it can safely be used for communicating with server implementations of plaintext protocols that use the same CRLF line-end convention as the TELNET protocol, as long as the data that is to be transmitted in either direction consists entirely of lines of text, with each line of text consisting entirely of zero or more USASCII graphic characters (codes 0x20 through 0x7E).

For debugging the interaction of server implementations of plaintext protocols with USASCII control characters other than the CRLF line-end indicator, or with textual data that is not restricted to the USASCII graphic characters, other tools should be used, such as the 'netcat' program.
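
The condition stated above (CRLF-terminated lines containing only codes 0x20 through 0x7E) can be checked mechanically before deciding whether a TELNET client is a suitable debugging tool for a given exchange. The following Python code is an added example, not part of the OpenISO.org evaluation; the function names and the sample byte strings are constructed for illustration.

```python
"""Check whether a byte stream can pass through a TELNET client unaltered."""

IAC = 0xFF  # TELNET "Interpret As Command" byte defined in RFC 854


def telnet_transparency_issues(data: bytes) -> list:
    """Return (offset, reason) for every byte that breaks the rule above.

    The rule: the stream is a sequence of CRLF-terminated lines, and each
    line holds only US-ASCII graphic characters 0x20 through 0x7E.
    """
    issues = []
    i = 0
    while i < len(data):
        b = data[i]
        if b == 0x0D:  # CR is acceptable only as the first half of CRLF
            if i + 1 < len(data) and data[i + 1] == 0x0A:
                i += 2
                continue
            issues.append((i, "bare CR not followed by LF"))
        elif b == 0x0A:
            issues.append((i, "bare LF without preceding CR"))
        elif b == IAC:
            issues.append((i, "0xFF is IAC and starts a TELNET command"))
        elif b < 0x20 or b == 0x7F:
            issues.append((i, f"control character 0x{b:02X}"))
        elif b > 0x7E:
            issues.append((i, f"non-ASCII byte 0x{b:02X}"))
        i += 1
    if data and not data.endswith(b"\r\n"):
        issues.append((len(data), "final line is not CRLF-terminated"))
    return issues


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "smtp_ok": b"EHLO client.example\r\nQUIT\r\n",
    "http_bare_lf": b"GET / HTTP/1.1\nHost: www.example\r\n\r\n",
    "binary_body": b"DATA\r\n\xff\xfb\x01caf\xc3\xa9\r\n",
}


def report(samples=SAMPLES):
    """Map each sample name to its list of transparency issues."""
    return {name: telnet_transparency_issues(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, issues in report().items():
        print(name, "suitable for a TELNET client" if not issues else issues)
```

A stream that produces any issue falls into the case for which the text recommends a tool such as 'netcat'.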