On Mon, 12 Mar 2001, Thor Lancelot Simon wrote:
[..]
>
> Ergo, a small, lightweight SSH implementation, even one that did v2,
> might quite reasonably choose to *not* implement SFTP; to me, at least,
> it sure seems to bring very little to the table in return for a lot
> of increase in code size and maintenance. But that's just my point
> of view; clearly some people have put a lot of work into advancing
> SFTP and they must have a more substantial use for it than I do.
>
How do you assure Windows end-users can transfer and manage files to a
webserver in a secure way? Is there publicly accessible IPSec software
for Windows 98? What about TLS? What about GSSAPI? How much added load
do they put on a 200MHz - 400MHz machine? Are they 100% stable and
usable? How do they interact over dialups? What unforeseen issues will
crop up for day to day usage online and offline?

You seem to be suggesting that I should have to suffer for two to ten
years before older technology that is not progressing at any decent
rate is cross-platform supported and commonly used. Or maybe your
suggestion is that I need to wait twenty or more years before UNIX (Linux,
BSD, etc) are common desktop machines and this technology is then native. I
consider it pretty unacceptable.

I need something today that will allow me to secure against poorly
written ftpd attacks, against password sniffing, etc. When we gained sftp
server support I started to look for a sftp client solution for my
end-users.

sftp is totally optional. It's not even part of the main v2 specs. It is
an add-on draft that is not required. So if you don't want it, don't
enable it.
- Ben