On Wed, Dec 02, 2020 at 11:28:42PM +0000, Stephen Farrell wrote: > > I gotta wonder about that last. Wouldn't it be credible to > argue that telnet is in fact a real danger, if one looks at > all the CVEs that've reported on ports with admin/admin > access? I'm not sure if it'd be the right thing to do, but > I do think one can credibly argue that deprecating telnet > might be worthwhile. I'm not convinced by that argument. How many of these ports are actually running the telnet protocol? I may do something like: % telnet imap.thunk.org 25 However, I'm not actually using the telnet *protocol*. I'm just using the telnet *program* to talk to a an SMTP server. Deprecating the RFC for the telnet protocol isn't going to magically make all instances of the telnet program go away, and even if it didn't, netcat (nc) would still exist. - Ted
