ODETTE File Transfer Protocol 2.0
RFC 5024

Note: This ballot was opened for revision 04 and is now closed.

(Jari Arkko) No Objection

(Ron Bonica) No Objection

(Ross Callon) No Objection

(Lisa Dusseault) No Objection

(Lars Eggert) No Objection

Comment (2007-05-24)
No email
send info
Appendix D., paragraph 189:
>    [RFC-739]  Postel, J., "Transmission Control Protocol", STD 7,
>    RFC 793, September 1981

  Is cited as [TCP]. (Or should be [RFC-793], not [RFC-739].)

(Russ Housley) No Objection

Comment (2007-05-23)
No email
send info
  This does not seem to be an end run around any IETF WG.

  The use of "signed receipt" differs from RFC 2634.

(Cullen Jennings) No Objection

(Chris Newman) No Objection

(Tim Polk) (was Discuss) No Objection

Comment (2007-05-10)
No email
send info
From the first paragraph of the Security Considerations (section 10.4):

   If no security options are agreed for use, the send and 
   receive passwords are sent in plain text. Whilst this is acceptable
   over X.25 and ISDN networks, this is a risky practice over 
   insecure public networks such as the Internet.

I do not buy the implict characterization of X.25 and ISDN as "secure" networks.  Even if you
accept that statement,  if I understood the routing ADs correctly during our discussions in
Prague, X.25 and ISDN network traffic may in fact be routed across the Internet these days.
This statement ought to be revised.

Note: I made this a comment rather than a DISCUSS since I agree that plain text passwords
are a risky practice over the Internet.

Magnus Westerlund No Objection