ODETTE File Transfer Protocol 2.0
Note: This ballot was opened for revision 04 and is now closed.
(Jari Arkko) No Objection
(Ron Bonica) No Objection
(Ross Callon) No Objection
(Lisa Dusseault) No Objection
(Lars Eggert) No Objection
Appendix D., paragraph 189: > [RFC-739] Postel, J., "Transmission Control Protocol", STD 7, > RFC 793, September 1981 Is cited as [TCP]. (Or should be [RFC-793], not [RFC-739].)
(Russ Housley) No Objection
This does not seem to be an end run around any IETF WG. The use of "signed receipt" differs from RFC 2634.
(Cullen Jennings) No Objection
(Chris Newman) No Objection
(Tim Polk) (was Discuss) No Objection
From the first paragraph of the Security Considerations (section 10.4): If no security options are agreed for use, the send and receive passwords are sent in plain text. Whilst this is acceptable over X.25 and ISDN networks, this is a risky practice over insecure public networks such as the Internet. I do not buy the implict characterization of X.25 and ISDN as "secure" networks. Even if you accept that statement, if I understood the routing ADs correctly during our discussions in Prague, X.25 and ISDN network traffic may in fact be routed across the Internet these days. This statement ought to be revised. Note: I made this a comment rather than a DISCUSS since I agree that plain text passwords are a risky practice over the Internet.