- From: Patrik Fältström <paf@cisco.com>
- Date: Thu, 22 Nov 2001 04:06:27 +0100
- To: John C Klensin <klensin@jck.com>, Eliot Lear <lear@cisco.com>
- cc: discuss@apps.ietf.org
--On 01-11-21 17.47 -0500 John C Klensin <klensin@jck.com> wrote:
> --On Wednesday, 21 November, 2001 13:40 -0800 Eliot Lear
> <lear@cisco.com> wrote:
>
>> I'm a little concerned that the cat is out of the bag, and
>> that we are now running up against documenting existing
>> practice (even if it is a bad practice). I quite agree that
>> people should avoid using TFTP (and there's really no reason
>> not to).
>
> I don't have much objection to documenting some widely-used
> existing practice, if only to to explain why it is undesirable/
> implies risks. But I don't think we should _standardize_
> risky/ problematic practices.
>
> john
I still see two different problems here:
(1) Someone should ASAP write an RFC which explains why using TFTP is a
really bad thing.
(2) We should define a URI scheme for protocols we define in the IETF.
I am, regardless of John's note, strongly in favour of having a URI scheme
definition for all protocols we have (and more). The URI scheme definition
explicitly MUST specify in what environments it can be used. In the example
of TFTP, it should say that having the ability for a user to "click" on
such a URI is "a really bad thing", and further, reference (1) which states
that tftp should _NOT_ be used.
paf
Received on Wednesday, 21 November 2001 22:15:37 UTC