[82981] in North American Network Operators' Group
Re: VOIP provider
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Wed Aug 3 05:24:02 2005
Date: Wed, 03 Aug 2005 09:23:16 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <Pine.SOC.4.61.0508030201320.7250@paixhost.pch.net>
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Wed, 3 Aug 2005, Bill Woodcock wrote:
> > 3: What protocols should be used for firmware upgrades to ATA
> > devices? We are thinking HTTPS or SFTP, or HTTP if those aren't
> > available on selected devices. I am trying to stay away from TFTP
> > for security reasons.
>
> What security risk does TFTP pose that isn't also shared by HTTP?
beyond security reasons, there are some performance reasons as well to
skip tftp. There was a decent article in 'network magazine' (editorial I
suppose really) by Louis Mamakos about 6 months ago regarding the
challenges of upgrading a few hundred thousand remote tftp-only devices :(
(thanks to google for the link)
http://tinyurl.com/9e5pd
-Chris
