Date:      Sun, 06 Sep 1998 09:57:00 +0200
From:      sthaug@nethelp.no
To:        tlambert@primenet.com
Cc:        dg@root.com, tom@uniserve.com, freebsd-current@FreeBSD.ORG
Subject:   Re: Should FreeBSD-3.0 ship with RFC 1644 (T/TCP) turned off by
Message-ID:  <6915.905068620@verdi.nethelp.no>
In-Reply-To: Your message of "Sun, 6 Sep 1998 06:56:22 +0000 (GMT)"
References:  <199809060656.XAA13597@usr01.primenet.com>

> That said, one of the reasons for leaving the extensions on by default
> is to ensure that people complain about RFC non-compliance.
> 
> I, for one, would be unhappy if FreeBSD disabled these by default, even
> though it's perfectly reasonable for my employer to disable them on
> their derived work.

However, there's a world of difference between RFC 1323 and RFC 1644.

1. As Charles Hannum has pointed out, there are security risks associated
with RFC 1644.

2. RFC 1323 has the status of "Proposed Standard Protocol", which means
(see RFC 2300):

   4.1.3.  Proposed Standard Protocol
                     
      These are protocol proposals that may be considered by the IESG
      for standardization in the future.  Implementation and testing by
      several groups is desirable.  Revision of the protocol
      specification is likely. 

RFC 1644 has the status "Experimental Protocol", which means:

   4.1.4.  Experimental Protocol 
       
      A system should not implement an experimental protocol unless it
      is participating in the experiment and has coordinated its use of
      the protocol with the developer of the protocol.


Note the "should not". The fact that RFC 1644 is still classified as an
experimental protocol, together with the security risks noted, are (in
my opinion) excellent reasons why RFC 1644 absolutely *should not* be
on by default in FreeBSD.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
