Deprecating ftpd in the FreeBSD base system?

Deprecating ftpd in the FreeBSD base system?

Ed Maste-2
FTP is (becoming?) a legacy protocol, and I think it may be time to
remove the ftp server from the FreeBSD base system - with the recent
security advisory for ftpd serving as a reminder.

I've proposed adding a deprecation notice to the man page in
https://reviews.freebsd.org/D26447 to start this off. There are a
number of ftp servers in ports, and if we're going to remove the base
system one we can create a port for it first, as well.

Any comments or concerns, please follow up in the code review or in email here.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"

Re: Deprecating ftpd in the FreeBSD base system?

Warner Losh
On Wed, Sep 16, 2020 at 11:34 AM Ed Maste <[hidden email]> wrote:

> FTP is (becoming?) a legacy protocol, and I think it may be time to
> remove the ftp server from the FreeBSD base system - with the recent
> security advisory for ftpd serving as a reminder.
>
> I've proposed adding a deprecation notice to the man page in
> https://reviews.freebsd.org/D26447 to start this off. There are a
> number of ftp servers in ports, and if we're going to remove the base
> system one we can create a port for it first, as well.
>
> Any comments or concerns, please follow up in the code review or in email
> here.
>

While I may quibble over the 'legacy' tag to FTP, I do agree that ftpd
isn't important enough to risk the security exposure for it (even if we
don't enable it by default). There are several ftpd ports one could use. I
know I'll be installing it on my systems here, but I have some special
needs due to a video camera that uploads snapshots via ftp (and yes, I know
that's not super secure which is why it's on its own VLAN, jail insulated,
etc).

Warner

Re: Deprecating ftpd in the FreeBSD base system?

sthaug
In reply to this post by Ed Maste-2
> FTP is (becoming?) a legacy protocol, and I think it may be time to
> remove the ftp server from the FreeBSD base system - with the recent
> security advisory for ftpd serving as a reminder.
>
> I've proposed adding a deprecation notice to the man page in
> https://reviews.freebsd.org/D26447 to start this off. There are a
> number of ftp servers in ports, and if we're going to remove the base
> system one we can create a port for it first, as well.
>
> Any comments or concerns, please follow up in the code review or in email here.

Could we, at the same time, improve the documentation for sftp? I had
to move an FTP server (with one chrooted user) from FTP to sftp today.
I did:

1. Add sftp user to /etc/passwd, with /usr/sbin/nologin as the shell.
2. Patch sshd config as follows:

--- etc/ssh/sshd_config.orig 2018-06-16 22:04:20.868762000 +0200
+++ etc/ssh/sshd_config 2020-09-16 10:10:53.133211000 +0200
@@ -112,7 +112,7 @@
 #Banner none
 
 # override default of no subsystems
-Subsystem sftp /usr/libexec/sftp-server
+Subsystem sftp internal-sftp -l INFO
 
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
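
Review bot: the new "Subsystem sftp internal-sftp -l INFO" line replaces the external server for every account, not only the chrooted one, and nothing in the file records why. A one-line comment above it would help the next editor, for example that the in-process server needs no /usr/libexec/sftp-server binary inside a ChrootDirectory. The "-l INFO" argument is repeated on the ForceCommand line in the second hunk; if the two are meant to stay in step, the same comment is the place to say so.
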
@@ -120,3 +120,8 @@
 # AllowTcpForwarding no
 # PermitTTY no
 # ForceCommand cvs server
+Match User sftp
+ChrootDirectory /usr/local/ftp/sftp
+ForceCommand internal-sftp -l INFO
+X11Forwarding no
+AllowTcpForwarding no
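
Review bot: in the added "Match User sftp" block only X11Forwarding and AllowTcpForwarding are turned off; "PermitTTY no", which the commented example just above it includes, is missing, and agent forwarding keeps its global setting. Suggest adding "PermitTTY no" and "AllowAgentForwarding no" (or a single "DisableForwarding yes" on OpenSSH 7.4 or later in place of the individual forwarding lines) so the account is limited to SFTP alone. The directives under Match are also not indented the way the commented example is; indenting them, and keeping this block last in the file since a Match block runs to the next Match line or end of file, makes its scope obvious.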

3. Ensure all levels of /usr/local/ftp/sftp are owned by root.
4. Create /usr/local/ftp/sftp/dev and add the following line to
/etc/rc.conf:

syslogd_flags="-s -l /usr/local/ftp/sftp/dev/log"

Btw, I could not get /usr/libexec/sftp-server to work. Cryptic error
message: "Received message too long 1416128883". Googling that one
eventually led me to the internal-sftp subsystem and the rest of the
sshd_config changes. The sshd_config man page is good, but I couldn't
find anything about arguments (e.g. -l) for internal-sftp.

Steinar Haug, Nethelp consulting, [hidden email]
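
Added example, not part of the original post: two shell checks for the setup described in the message above; the function names are invented here. check_chroot applies sshd's per-component rule for ChrootDirectory (a directory, owned by root, no group or other write bit), and decode_sftp_len shows that the 1416128883 in the quoted error is the four ASCII bytes "This" read as a packet length, i.e. text arrived where the SFTP protocol should have started. What printed that text is not stated on the page; the account's /usr/sbin/nologin shell, through which sshd starts an external Subsystem command, is an inference.

```shell
#!/bin/sh
# Added example: checks for a chrooted internal-sftp account (names are made up).

# component_ok DIR [UID]
# Succeeds if DIR is a directory owned by UID (default 0, root) with no group
# or other write bit: the test sshd applies to every level of ChrootDirectory.
component_ok() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    # -n numeric ids, -L follow symlinks as stat(2) does; fields: mode links uid
    set -f; set -- $(ls -ldnL -- "$dir"); set +f
    mode=$1; owner=$3
    [ "$owner" = "$want_uid" ] || return 1
    case $mode in
        d????w*|d???????w*) return 1 ;;   # group-writable or other-writable
    esac
    return 0
}

# check_chroot PATH [UID]
# Walks PATH from / downwards. Prints the first level that fails and returns 1,
# or returns 0 when every level passes.
check_chroot() {
    path=$1; chk_uid=${2:-0}
    case $path in
        /*) ;;
        *) printf '%s\n' "$path"; return 1 ;;   # the chroot path must be absolute
    esac
    old_ifs=$IFS; IFS=/
    set -f; set -- $path; set +f
    IFS=$old_ifs
    cur=
    component_ok / "$chk_uid" || { printf '/\n'; return 1; }
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=$cur/$part
        component_ok "$cur" "$chk_uid" || { printf '%s\n' "$cur"; return 1; }
    done
    return 0
}

# decode_sftp_len N
# Prints the four big-endian bytes of N as ASCII ('.' for non-printables).
# The sftp client reports the first four bytes it read as a packet length, so
# readable text here means text was written to the session before SFTP began.
decode_sftp_len() {
    n=$1; out=
    for shift_bits in 24 16 8 0; do
        b=$(( (n >> shift_bits) & 255 ))
        if [ "$b" -ge 32 ] && [ "$b" -le 126 ]; then
            out=$out$(printf '%b' "\\0$(printf '%03o' "$b")")
        else
            out=$out.
        fi
    done
    printf '%s\n' "$out"
}

# When run with a path argument, e.g. /usr/local/ftp/sftp from the post:
if [ "$#" -ge 1 ]; then
    if bad=$(check_chroot "$1"); then
        echo "every level of $1 passes"
    else
        echo "sshd would refuse the chroot at: $bad"
    fi
fi
```

The optional second argument exists only so the check can be exercised without root on scratch directories; for a real ChrootDirectory leave it at the default of 0.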

Re: Deprecating ftpd in the FreeBSD base system?

Michael Gmelin-2


> On 16. Sep 2020, at 20:08, [hidden email] wrote:
>
> 
>>
>> FTP is (becoming?) a legacy protocol, and I think it may be time to
>> remove the ftp server from the FreeBSD base system - with the recent
>> security advisory for ftpd serving as a reminder.
>>
>> I've proposed adding a deprecation notice to the man page in
>> https://reviews.freebsd.org/D26447 to start this off. There are a
>> number of ftp servers in ports, and if we're going to remove the base
>> system one we can create a port for it first, as well.
>>
>> Any comments or concerns, please follow up in the code review or in email here.
>
> Could we, at the same time, improve the documentation for sftp? I had
> to move an FTP server (with one chrooted user) from FTP to sftp today.
> I did:
>
> 1. Add sftp user to /etc/passwd, with /usr/sbin/nologin as the shell.
> 2. Patch sshd config as follows:
>
> --- etc/ssh/sshd_config.orig    2018-06-16 22:04:20.868762000 +0200
> +++ etc/ssh/sshd_config    2020-09-16 10:10:53.133211000 +0200
> @@ -112,7 +112,7 @@
> #Banner none
>
> # override default of no subsystems
> -Subsystem    sftp    /usr/libexec/sftp-server
> +Subsystem    sftp    internal-sftp -l INFO
>
> # Example of overriding settings on a per-user basis
> #Match User anoncvs
> @@ -120,3 +120,8 @@
> #    AllowTcpForwarding no
> #    PermitTTY no
> #    ForceCommand cvs server
> +Match User sftp
> +ChrootDirectory    /usr/local/ftp/sftp
> +ForceCommand internal-sftp -l INFO
> +X11Forwarding no
> +AllowTcpForwarding no
>
> 3. Ensure all levels of /usr/local/ftp/sftp are owned by root.
> 4. Create /usr/local/ftp/sftp/dev and add the following line to
> /etc/rc.conf:
>
> syslogd_flags="-s -l /usr/local/ftp/sftp/dev/log"
>
> Btw, I could not get /usr/libexec/sftp-server to work. Cryptic error
> message: "Received message too long 1416128883". Googling that one
> eventually led me to the internal-sftp subsystem and the rest of the
> sshd_config changes. The sshd_config man page is good, but I couldn't
> find anything about arguments (e.g. -l) for internal-sftp.

In case it helps, I documented an example sftp setup as part of the paperless port's man page last year:

https://svnweb.freebsd.org/ports/head/deskutils/py-paperless/files/paperless.7.in?revision=521891&view=co

-m

>
> Steinar Haug, Nethelp consulting, [hidden email]

Re: Deprecating ftpd in the FreeBSD base system?

mdtancsa
In reply to this post by sthaug
On 9/16/2020 2:07 PM, [hidden email] wrote:
>  # override default of no subsystems
> -Subsystem sftp /usr/libexec/sftp-server
> +Subsystem sftp internal-sftp -l INFO

Hi,

What is the difference between these two ?  Is it not all OpenSSH ?

    ---Mike



Re: Deprecating ftpd in the FreeBSD base system?

Allan Jude-9
In reply to this post by Ed Maste-2
On 2020-09-16 13:34, Ed Maste wrote:

> FTP is (becoming?) a legacy protocol, and I think it may be time to
> remove the ftp server from the FreeBSD base system - with the recent
> security advisory for ftpd serving as a reminder.
>
> I've proposed adding a deprecation notice to the man page in
> https://reviews.freebsd.org/D26447 to start this off. There are a
> number of ftp servers in ports, and if we're going to remove the base
> system one we can create a port for it first, as well.
>
> Any comments or concerns, please follow up in the code review or in email here.
>
Is the version we have in base unique? That is to say, does it need to
be preserved somehow.

I know it is based on the original 4.2BSD ftpd, but did we pull in
code from anywhere else at some point?

Or maybe a better question is: Which ftpd is the most similar, and would
allow people to migrate most easily (tnftpd from netbsd?)

--
Allan Jude



Re: Deprecating ftpd in the FreeBSD base system?

Michael Gmelin-2
In reply to this post by mdtancsa


> On 16. Sep 2020, at 22:45, mike tancsa <[hidden email]> wrote:
>
> On 9/16/2020 2:07 PM, [hidden email] wrote:
>> # override default of no subsystems
>> -Subsystem    sftp    /usr/libexec/sftp-server
>> +Subsystem    sftp    internal-sftp -l INFO
>
> Hi,
>
> What is the difference between these two ?  Is it not all OpenSSH ?

Yes, but one is an external binary, while internal doesn’t rely on that. Which means that your chroot setup won’t require bin and lib dirs. For most scenarios, internal is the way to go.

The man page has more details.

-m


>     ---Mike
>
>

Re: Deprecating ftpd in the FreeBSD base system?

Michael Gmelin-2


> On 16. Sep 2020, at 22:53, Michael Gmelin <[hidden email]> wrote:
>
> 
>
>>> On 16. Sep 2020, at 22:45, mike tancsa <[hidden email]> wrote:
>>>
>>> On 9/16/2020 2:07 PM, [hidden email] wrote:
>>> # override default of no subsystems
>>> -Subsystem    sftp    /usr/libexec/sftp-server
>>> +Subsystem    sftp    internal-sftp -l INFO
>>
>> Hi,
>>
>> What is the difference between these two ?  Is it not all OpenSSH ?
>
> Yes, but one is an external binary, while internal doesn’t rely on that. Which means that your chroot setup won’t require bin and lib dirs. For most scenarios, internal is the way to go.
>
> The man page has more details.
>
> -m

p.s. this is a good write-up:

https://serverfault.com/questions/660160/openssh-difference-between-internal-sftp-and-sftp-server


>
>
>>    ---Mike
>>
>>

Re: Deprecating ftpd in the FreeBSD base system?

Ed Maste-2
In reply to this post by Allan Jude-9
On Wed, 16 Sep 2020 at 16:51, Allan Jude <[hidden email]> wrote:
>
> Is the [ftpd] version we have in base unique? That is to say, does it need
> to be preserved somehow.

I'm not sure if we have functionality that doesn't exist elsewhere,
although we definitely have some changes that do not exist in other
BSDs.

Re: Deprecating ftpd in the FreeBSD base system?

Cy Schubert-4
In reply to this post by Ed Maste-2
In message <[hidden email]
om>
, Ed Maste writes:

> FTP is (becoming?) a legacy protocol, and I think it may be time to
> remove the ftp server from the FreeBSD base system - with the recent
> security advisory for ftpd serving as a reminder.
>
> I've proposed adding a deprecation notice to the man page in
> https://reviews.freebsd.org/D26447 to start this off. There are a
> number of ftp servers in ports, and if we're going to remove the base
> system one we can create a port for it first, as well.
>
> Any comments or concerns, please follow up in the code review or in email here.

We should also deprecate the FTP client.

I've been advocating removing FTP (and HTTP) from libfetch as well. People
should be using HTTPS only. (libfetch could support a plugin that might be
supplied by a port should someone be inclined to write one.)

FTP is firewall unfriendly.

The F5 gateway at $JOB does not support FTP. When we still worked at the
office I had to take my $JOB laptop to the coffee shop to use their
wireless to download patches from Broadcom's FTP site. Now that I WFH (we
won't ever go back to the office) I download while disconnected from the
VPN.

Then move the removed bits to ports, which I think we already have in tnftp
and tnftpd.


--
Cheers,
Cy Schubert <[hidden email]>
FreeBSD UNIX:  <[hidden email]>   Web:  https://FreeBSD.org
NTP:           <[hidden email]>    Web:  https://nwtime.org

        The need of the many outweighs the greed of the few.



Re: Deprecating ftpd in the FreeBSD base system?

Gleb Popov-2
On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert <[hidden email]>
wrote:

> I've been advocating removing FTP (and HTTP) from libfetch as well. People
> should be using HTTPS only.
>

Isn't this a bit too much? I often find myself in need to download
something starting with "http://" or "ftp://" and use fetch for this.

Re: Deprecating ftpd in the FreeBSD base system?

Kurt Jaeger-6
Hi!

> > I've been advocating removing FTP (and HTTP) from libfetch as well. People
> > should be using HTTPS only.

> Isn't this a bit too much? I often find myself in need to download
> something starting with "http://" or "ftp://" and use fetch for this.

It's a bit too much. Deprecating it, 'add --really if you really
want to use http/ftp' would be more useful for the common
sys-admin 8-)

--
[hidden email]            +49 171 3101372                    Now what ?

Re: Deprecating ftpd in the FreeBSD base system?

Cy Schubert-4
In reply to this post by Gleb Popov-2
In message <CALH631n=MEvoS+3qOo9nM6-VXYW85jVxv1ih1w=[hidden email]
om>
, Gleb Popov writes:

> On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert <[hidden email]>
> wrote:
>
> > I've been advocating removing FTP (and HTTP) from libfetch as well. People
> > should be using HTTPS only.
> >
>
> Isn't this a bit too much? I often find myself in need to download
> something starting with "http://" or "ftp://" and use fetch for this.

Nope.


--
Cheers,
Cy Schubert <[hidden email]>
FreeBSD UNIX:  <[hidden email]>   Web:  https://FreeBSD.org
NTP:           <[hidden email]>    Web:  https://nwtime.org

        The need of the many outweighs the greed of the few.



Re: Deprecating ftpd in the FreeBSD base system?

Goran Mekić
In reply to this post by Kurt Jaeger-6
On Thu, Sep 17, 2020 at 04:46:19PM +0200, Kurt Jaeger wrote:

> Hi!
>
> > > I've been advocating removing FTP (and HTTP) from libfetch as well. People
> > > should be using HTTPS only.
>
> > Isn't this a bit too much? I often find myself in need to download
> > something starting with "http://" or "ftp://" and use fetch for this.
>
> It's a bit too much. Deprecating it, 'add --really if you really
> want to use http/ftp' would be more useful for the common
> sys-admin 8-)
Doesn't pkg/freebsd-update use libfetch? If I'm right and they do, http
is widely used, then.


Re: Deprecating ftpd in the FreeBSD base system?

Ian Lepore-3
In reply to this post by Gleb Popov-2
On Thu, 2020-09-17 at 18:43 +0400, Gleb Popov wrote:

> On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert <
> [hidden email]>
> wrote:
>
> > I've been advocating removing FTP (and HTTP) from libfetch as well.
> > People
> > should be using HTTPS only.
> >
>
> Isn't this a bit too much? I often find myself in need to download
> something starting with "http://" or "ftp://" and use fetch for this.
>

Indeed, we have products which rely on this ability in libfetch and we
have to keep supporting them for many many years to come.

I hate it when someone imperiously declares [For security reasons]
"People should/shouldn't be using ______".  You have no idea what the
context is, and thus no ability to declare what should or shouldn't be
used in that context.  For example, two embedded systems talking to
each other over a point to point link within a sealed device are not
concerned about man in the middle attacks or other modern internet
threats.

-- Ian



Re: Deprecating ftpd in the FreeBSD base system?

Baptiste Daroussin-2
In reply to this post by Cy Schubert-4
On Thu, Sep 17, 2020 at 07:04:41AM -0700, Cy Schubert wrote:

> In message <[hidden email]
> om>
> , Ed Maste writes:
> > FTP is (becoming?) a legacy protocol, and I think it may be time to
> > remove the ftp server from the FreeBSD base system - with the recent
> > security advisory for ftpd serving as a reminder.
> >
> > I've proposed adding a deprecation notice to the man page in
> > https://reviews.freebsd.org/D26447 to start this off. There are a
> > number of ftp servers in ports, and if we're going to remove the base
> > system one we can create a port for it first, as well.
> >
> > Any comments or concerns, please follow up in the code review or in email here.
>
> We should also deprecate the FTP client.
>
> I've been advocating removing FTP (and HTTP) from libfetch as well. People
> should be using HTTPS only. (libfetch could support a plugin that might be
> supplied by a port should someone be inclined to write one.)
>
That that and we can throw away half of the ports tree ;)

Best regards,
Bapt


Re: Deprecating ftpd in the FreeBSD base system?

Brooks Davis-2
In reply to this post by Gleb Popov-2
On Thu, Sep 17, 2020 at 06:43:16PM +0400, Gleb Popov wrote:
> On Thu, Sep 17, 2020 at 6:05 PM Cy Schubert <[hidden email]>
> wrote:
>
> > I've been advocating removing FTP (and HTTP) from libfetch as well. People
> > should be using HTTPS only.
> >
>
> Isn't this a bit too much? I often find myself in need to download
> something starting with "http://" or "ftp://" and use fetch for this.

<sarcasm>
Yes, let's remove access to instance metadata on several (hundred-?)million
AWS instances.
</sarcasm>

-- Brooks


Re: Deprecating ftpd in the FreeBSD base system?

Lucas Nali de Magalhães
In reply to this post by Cy Schubert-4
Hi.

> On Sep 17, 2020, at 11:05 AM, Cy Schubert <[hidden email]> wrote:
> In message <[hidden email]
> om>
> , Ed Maste writes:
>> FTP is (becoming?) a legacy protocol, and I think it may be time to
>> remove the ftp server from the FreeBSD base system - with the recent
>> security advisory for ftpd serving as a reminder.
>
> We should also deprecate the FTP client.
>
> I've been advocating removing FTP (and HTTP) from libfetch as well. People
> should be using HTTPS only. (libfetch could support a plugin that might be
> supplied by a port should someone be inclined to write one.)

I usually evaluate the possibility to interact with legacy stuff as a feature and then this would make FreeBSD shine less. The associated security improvement could be done in many different ways and this one is one of the worst. Maybe a warning during use or a flag to disable/enable it when desired or needed? And among all the security measures the project can take to improve FreeBSD security, this one is on the bottom of my list for sure. FTPD does not even come enabled by default.

--
rollingbits — 📧 [hidden email] 📧 [hidden email] 📧 [hidden email] 📧 [hidden email] 📧 [hidden email]


Re: Deprecating ftpd in the FreeBSD base system?

Maxim Sobolev-2
In reply to this post by Cy Schubert-4
Re: removing HTTP client please no!!! The current drive to "outlaw" HTTP is
coming from companies who see the whole world via a web browser. Totally ignoring
the fact that HTTP != HTTPS in particular in cases where reliability and
lower complexity of the system takes precedence over on-the-wire protocol
security. For example, many internal APIs of AWS EC2 are HTTP.

-Max

On Thu., Sep. 17, 2020, 7:04 a.m. Cy Schubert, <[hidden email]>
wrote:

> In message
> <[hidden email]
> om>
> , Ed Maste writes:
> > FTP is (becoming?) a legacy protocol, and I think it may be time to
> > remove the ftp server from the FreeBSD base system - with the recent
> > security advisory for ftpd serving as a reminder.
> >
> > I've proposed adding a deprecation notice to the man page in
> > https://reviews.freebsd.org/D26447 to start this off. There are a
> > number of ftp servers in ports, and if we're going to remove the base
> > system one we can create a port for it first, as well.
> >
> > Any comments or concerns, please follow up in the code review or in
> > email here.
>
> We should also deprecate the FTP client.
>
> I've been advocating removing FTP (and HTTP) from libfetch as well. People
> should be using HTTPS only. (libfetch could support a plugin that might be
> supplied by a port should someone be inclined to write one.)
>
> FTP is firewall unfriendly.
>
> The F5 gateway at $JOB does not support FTP. When we still worked at the
> office I had to take my $JOB laptop to the coffee shop to use their
> wireless to download patches from Broadcom's FTP site. Now that I WFH (we
> won't ever go back to the office) I download while disconnected from the
> VPN.
>
> Then move the removed bits to ports, which I think we already have in
> tnftp
> and tnftpd.
>
>
> --
> Cheers,
> Cy Schubert <[hidden email]>
> FreeBSD UNIX:  <[hidden email]>   Web:  https://FreeBSD.org
> NTP:           <[hidden email]>    Web:  https://nwtime.org
>
>         The need of the many outweighs the greed of the few.
>
>

Re: Deprecating ftpd in the FreeBSD base system?

Daniel Eischen

> On Sep 17, 2020, at 11:20 AM, Maxim Sobolev <[hidden email]> wrote:
>
> Re: removing HTTP client please no!!! The current drive to "outlaw" HTTP
> coming from companies who see all world via web browser. Totally ignoring
> the fact that HTTP != HTTPS in particular in cases where reliability and
> lower complexity of the system takes precedence over on-the-wire protocol
> security. For example, many internal APIs of AWS EC2 are HTTP.

Agree.  And remember the mantra: tools, not policy.

--
DE

