2.6.14 Telnet Security BOF (telsec)

Current Meeting Report

These minutes were taken by Michael Boe <mboe@cisco.com>

The purpose of the meeting as described in the agenda was discussed by the chair, Jeffrey Altman. The floor was then opened to comments and questions:

. Comment: The WG Chair should not be the author of I-Ds in the WG.

. Question: Why Telnet? Why not just use SSH?

Answer: Telnet has a large installed base that needs to be secured.

. Question: Wouldn't SSH servers be more secure?

Answer/Debate: Policy of server is independent of underlying SSH/TELNET technologies.

. Observation: It is easier psychologically to upgrade telnet than to toss it out.

. Central Q of Debate: Is securing each existing telnet implementation more desirable than encouraging a shift to more modern (ssh) systems?

. Question: Would current Telnet developers implement new security standards if they were adopted?

Answer: If not, it would probably result in the old insecure implementations being removed from the products.

Observation from Security AD: In other words, if the IESG were to approve new standards, the world becomes more secure whether or not they are implemented by vendors.

. Question: What's the load/packet ratio for SSH and TLS-Telnet?

Answer: Somewhere around 1/20 or 1/30 for each is the ballpark.

A raise of hands indicated consensus for the creation of the Telnet Security (TELSEC) Working Group in the Security Area. 13 in favor; 2 opposed.


