[OpenISO] TELNET
Tonnerre LOMBARD
tonnerre at ffii.org
Sat Sep 8 23:18:16 CEST 2007
Salut,

On Sat, Sep 08, 2007 at 10:01:23PM +0100, Std Lib0 wrote:
> > > I think we can approve RFC 854 with a rating of "Recommended in some
> > > contexts" unless further concerns are raised.
> >
> > That about hits the point. I am in favor of this proposal.
>
> In the initial draft, I was assuming rating telnet not in specific contexts,
> but as suitable or not suitable to be used nowadays 'as-is', in any context
> on the Internet, as the original standard does not say anything about using
> transport/network layers to provide secrecy, etc, only that it should be
> used on the Internet:

The RFC 854 makes reference to TCP, for example, as its transport layer.
As such it is safe to assume that it is based on the assumption that TCP
provides what it was said to provide in the year 1983 when the RFC was
published. This includes «transport security».

We learned during the past couple of years that the transport security
TCP offers is only limited; however, current established standards do
provide this added security we have been demanding. As such the problem
is outside the scope of the RFC 1983 but rather a problem of the
transport layer provided by standard IPv4, which can easily be fixed by
using IPv6 with the IPsec extension.

I don't think that this is the hack, I would rather suggest that OpenSSH
is the hack to circumvent this limitation of IPv4.

> I'm only trying to find out if it doesn't make more sense to assess the
> standard using a generalized context, without assuming anything that is not
> in the standard. Is it useful to recommend a standard for use in specific
> contexts without specifying these contexts? and, in case we specify them,
> shouldn't this be the work of the standard?

We defined that the standard should be accepted as "recommended in some
contexts". I assume that we will, before publishing it, define a set of
features these contexts are required to feature. These include:

1. Proper definition of character sets in the programs running on top of
   the telnet protocol where appropriate.
2. Use of a transport layer security protocol which uses encryption to
   secure the data, unless it is transmitted exclusively over an
   already-secured or trusted network. (Datex-J would be an example
   here, which provides Layer 2 encryption.)

Tonnerre