[255] in Release_7.7_team

Re: telnet -safe as default

daemon@ATHENA.MIT.EDU (jhawk@MIT.EDU)
Sun Jan 15 00:11:00 1995

From: jhawk@MIT.EDU
Date: Sun, 15 Jan 1995 00:10:51 -0500
To: Greg Hudson <ghudson@MIT.EDU>
Cc: cfields@MIT.EDU, ghudson@MIT.EDU, release-team@MIT.EDU, brlewis@MIT.EDU
In-Reply-To: "[254] in Release_7.7_team"


> > No. I'm saying that I expect that eventually (I suppose I neglected
> > to submit my bug report to anyone other than Athena; I will rectify
> > this when I finish my development work on telnet over IAP...) the
> > "mainline" (i.e. K5 and CNS K4) encrypted telnets will support my
> > change of -ax failing when an encrypted connection is not possible.
>   
> I think this would be poor.  It raises several issues:
>   
> 	  * What if I just specify -a?

Your connection fails if authentication is not available.

> 	  * What if I just specify -x?

Nothing. This has never worked. It is a bug that it does not
error out.

> 	  * What if I want a single command that obtains the most secure
> 	    connection possible?

Then you should add an additional option. I think, quite frankly, that
any such thing is a poor idea.

> 	  * What if we want to make that the default behavior?

Then you can put it in your .telnetrc.

> 	  * What if I'm used to using "telnet -ax" as such a command (as
> 	    per the documentation), and the behavior of telnet changes
> 	    on me?

The documentation should change with the behavior.

My objection, and my bug, was that the EASY, SIMPLE, way of obtaining
an encrypted connection did not fail when an encrypted connection
was not available. 

> I think the right approach is to have an option which specifies that
> telnet should fail if it does not achieve all the requested security
> options.

I disagree very strongly. It should be HARDER to obtain this fallback
behavior, than to error out. This is a security-paranoia attitude,
so perhaps you do not agree.

> Alternatively, we can go with my earlier proposal of having telnet
> -safe have the distinguished meaning of "-ax plus no fallback".

Again, I strongly object to this on two grounds:

	1) -ax and -safe should always do the same thing. Or, -safe
	should have an equivalent in non-newspeak arguments. This is
	important as long as -safe is unique to the athena environment,
	and it's longer to type :-)

	2) No fallback should NEVER be the default. Since telnet -safe
	is advertised as a safe way to telnet, it is de facto a default,
	and thus should not implement such fallback.

I think perhaps this has gone a bit far afield from the release 7.7
issues, but I'm not sure of a more appropriate forum...

--jhawk
