Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: VOIP provider

  • From: John Kristoff
  • Date: Wed Aug 03 12:05:18 2005

On Wed, 3 Aug 2005 02:08:30 -0700 (PDT)
Bill Woodcock <woody@pch.net> wrote:

> What security risk does TFTP pose that isn't also shared by HTTP?

I find it disappointing that the filtering police rarely stop to think
about their decision about what and why protocols are a security risk.
Looked at in one way, TFTP could more secure than many alternatives.
A TFTP implementation (e.g. the code required) can be much simpler,
which is typically an advantage from a security perspective.  If file
authenticity (or even encryption) is required, simple end system
mechanisms can be applied before and after transmitting the file.

For applications such as device bootstrapping that deploy some
additional checks on the file transferred, TFTP is probably a
perfectly reasonable option.  If it weren't for the 2 byte block
code limit, it might be even more widely used for this purpose.

John




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.