[78032] in North American Network Operators' Group


Re: Re[2]: Vonage complains about VoIP-blocking

daemon@ATHENA.MIT.EDU (Stephen Sprunk)
Wed Feb 16 11:36:37 2005

From: "Stephen Sprunk" <stephen@sprunk.org>
To: "C. Hagel" <nanog@lordkron.net>,
	"Michael Hallgren" <m.hallgren@free.fr>
Cc: "'Daniel Golding'" <dgolding@burtongroup.com>,
	"'Jason L. Schwab'" <jlschwab@jlschwab.com>,
	"'Martin Hannigan'" <hannigan@verisign.com>,
	"North American Noise and Off-topic Gripes" <nanog@merit.edu>
Date: Wed, 16 Feb 2005 10:36:29 -0600
Errors-To: owner-nanog-outgoing@merit.edu


Thus spake "C. Hagel" <nanog@lordkron.net>
> Or even sftp.  This could enhance the security and still allow the "tftp"
> style of getting the configs.  I know it's not widely used (if at all in
> this scenario) but it could be a fix.

I would think that HTTPS is both closer to the TFTP model (ask for a file,
slurp it down over the same socket) than either FTP/SSL or FTP/SSH and also
easier to implement.  If all one is doing is checking if a file is changed
and then grabbing a new copy if needed, HTTP is pretty darn simple, and
there are several HTTPS libraries with BSD licenses one can easily
incorporate into commercial products.

HTTPS also has the benefit that any potential customer can be expected to
already have a server available or would be willing to put one up.  I've run
into a lot of resistance from operators with FTP -- they actually prefer
TFTP if those are the only choices -- and wouldn't want to teach them how to
properly install FTP/SSL or FTP/SSH.

We live in a port 80/443 world.

S

Stephen Sprunk        "Stupid people surround themselves with smart
CCIE #3723           people.  Smart people surround themselves with
K5SSS         smart people who disagree with them."  --Aaron Sorkin
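
The check-then-fetch model described in the message above, as an added example that is not part of the original post: a conditional GET over HTTPS with certificate and hostname verification, followed by an atomic replace of the local config file. The function names, the `require_tls` switch (intended only for loopback testing) and the assumption that the server sends an `ETag` header are choices made for this example.

```python
import os
import ssl
import tempfile
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def fetch_if_changed(url, etag=None, require_tls=True, timeout=10):
    """Conditional GET. Returns (changed, body, etag)."""
    scheme = urlsplit(url).scheme
    if require_tls and scheme != "https":
        raise ValueError("refusing to fetch configuration over " + scheme)
    req = urllib.request.Request(url)
    if etag:
        # Ask the server to send the file only if it differs from our copy.
        req.add_header("If-None-Match", etag)
    # The default context verifies the certificate chain and the hostname.
    ctx = ssl.create_default_context()
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return True, resp.read(), resp.headers.get("ETag")
    except urllib.error.HTTPError as err:
        if err.code == 304:  # Not Modified: the stored copy is current
            return False, None, etag
        raise


def update_config(url, path, etag=None, **kw):
    """Replace `path` atomically if the server has a newer file.

    Returns (changed, etag); the caller stores the ETag for the next poll.
    """
    changed, body, new_etag = fetch_if_changed(url, etag, **kw)
    if changed:
        # Write to a temp file in the same directory (created mode 0600),
        # then rename, so a failed download never leaves a partial config.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        with os.fdopen(fd, "wb") as fh:
            fh.write(body)
        os.replace(tmp, path)
    return changed, new_etag
```
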


