ietf-nntp DEBUG command

Chin Chee-Kai cheekai at SoftML.net
Wed Jul 19 19:10:18 PDT 2000


On Wed, 19 Jul 2000, Stan O. Barber wrote:

> "Clive D.W. Feather" wrote:
> >
> > I don't remember this from the last draft, or any discussion about it.

For the DEBUG command, it was probably needed in the earlier days
when news administrators were trusted government or academic 
organizations attempting to make things work and helping each
other out.  These days, with so much focus on security and
untrustable hosts connecting to news sites, it hardly seems
right for actual applications to implement the DEBUG command.

Having the DEBUG command as part of the standard is also
IMHO undesirable, as it encourages the main
protocol proper to be used as part of the debugging process.
Accidental easy-accesses, backdoors or internal information
designed for debugging purposes might unintentionally be 
carried over to real operational uses, and may go unnoticed
as the DEBUG command is part of the protocol itself.

Suggest that a paragraph of caution on the implementation
of DEBUG command be placed under the "Section 14. Security
Considerations".


Cheers,
CK





