On 2024-08-06, at 09:40, Masataka Ohta <mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote: > > and TELNET has nothing to do with pain text passwords. Thanks for the new word “pain text password” :-) I’ve been in several places where people wanted to (and did) deprecate (parts of) a protocol because they didn’t like it for its (then!) primary use case. E.g., for IPv6, zeroed out UDP checksums were not taken over from IPv4 (†), because *at the time* people used them mostly for unsafe purposes (such as NFS without checksums, because of CPU constraints; I’ve lost data to this practice). We should not deprecate a protocol just because of a bad use case, as long as there are viable others. So, indeed, if we want to express reality in document status, maybe we need weaker forms of deprecation. One difference between TELNET and other protocols here is that TELNET never was extended to provide better security (*). *THAT* is what makes TELNET obsolete for its main use case, remote login. Grüße, Carsten (†) Yes, I know that the official argument given was the lack of an IP header checksum in IPv6. Zero UDP checksums then later had to be retrofitted back to IPv6 in many places [6936], but were apparently not universally picked up [1]… [6936]: https://www.rfc-editor.org/rfc/rfc6936 [1]: https://my.f5.com/manage/s/article/K24648535 Note the inevitable reference to **obsolete** RFC 2460; the use of zero UDP checksums is discussed in Section 8.1 of its replacement RFC 8200 [STD86]. [STD86]: https://www.rfc-editor.org/rfc/rfc8200.html#page-28 (*) Ignoring urgent pointers for a moment, TELNET over TLS would have been trivial to define (and has been, I believe as implemented in the obscure tool telnet-xls [0], or even in production for certain IBM glass terminals [1]). But we had a better tool for the main use case remote login for TTY-like terminals (NVT), so that didn’t happen in the wider market. [0]: https://datatracker.ietf.org/doc/html/draft-ietf-tn3270e-telnet-tls-06 [1]: https://www.ibm.com/docs/en/i/7.5?topic=scenarios-telnet-scenario-securing-telnet-tls
