nanog mailing list archives
Re: VOIP provider
From: John Kristoff <jtk () northwestern edu>
Date: Wed, 3 Aug 2005 09:17:46 -0500
On Wed, 3 Aug 2005 02:08:30 -0700 (PDT) Bill Woodcock <woody () pch net> wrote:
What security risk does TFTP pose that isn't also shared by HTTP?
I find it disappointing that the filtering police rarely stop to think about their decision about what and why protocols are a security risk. Looked at in one way, TFTP could more secure than many alternatives. A TFTP implementation (e.g. the code required) can be much simpler, which is typically an advantage from a security perspective. If file authenticity (or even encryption) is required, simple end system mechanisms can be applied before and after transmitting the file. For applications such as device bootstrapping that deploy some additional checks on the file transferred, TFTP is probably a perfectly reasonable option. If it weren't for the 2 byte block code limit, it might be even more widely used for this purpose. John
Current thread:
- VOIP provider Shane Owens (Aug 02)
- Re: VOIP provider Peter Dambier (Aug 02)
- Re: VOIP provider Bill Woodcock (Aug 03)
- Re: VOIP provider Christopher L. Morrow (Aug 03)
- Re: VOIP provider John Kristoff (Aug 03)
- Re: VOIP provider Sam Hayes Merritt, III (Aug 03)