Thus spake "C. Hagel" <nanog@lordkron.net>
Or even sftp. This could enhance the security and still allow the "tftp" style of getting the configs. I know it's not widely used (if at all in this scenario) but it could be a fix.
I would think that HTTPS is both closer to the TFTP model (ask for a file, slurp it down over the same socket) than either FTP/SSL or FTP/SSH and also easier to implement. If all one is doing is checking if a file is changed and then grabbing a new copy if needed, HTTP is pretty darn simple, and there are several HTTPS libraries with BSD licenses one can easily incorporate into commercial products.

HTTPS also has the benefit that any potential customer can be expected to already have a server available or would be willing to put one up. I've run into a lot of resistance from operators with FTP -- they actually prefer TFTP if those are the only choices -- and wouldn't want to teach them how to properly install FTP/SSL or FTP/SSH. We live in a port 80/443 world.

S

Stephen Sprunk         "Stupid people surround themselves with smart
CCIE #3723         people.  Smart people surround themselves with
K5SSS        smart people who disagree with them."  --Aaron Sorkin
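
The "check if the file changed, then grab a new copy" model described in the message above, sketched as an added example that is not part of the original post or of any vendor's code. The function and class names are hypothetical, and it assumes the config server returns an `ETag` header and honours `If-None-Match`.

```python
import os
import ssl
import tempfile
import urllib.error
import urllib.request


class HTTPSOnlyRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects that would downgrade the transfer to plain HTTP."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if not newurl.lower().startswith("https://"):
            raise urllib.error.HTTPError(newurl, code, "redirect left HTTPS", headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def make_opener(ca_file=None):
    """Opener that verifies the server certificate and hostname (library defaults)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    return urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx), HTTPSOnlyRedirect())


def fetch_if_changed(url, dest, etag=None, opener=None):
    """Conditional GET. Returns (changed, etag); dest is rewritten only on change."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing non-HTTPS config URL: " + url)
    req = urllib.request.Request(url)
    if etag:
        req.add_header("If-None-Match", etag)  # ask only for a copy we lack
    try:
        with (opener or make_opener()).open(req, timeout=30) as resp:
            body = resp.read()
            new_etag = resp.headers.get("ETag")
    except urllib.error.HTTPError as err:
        if err.code == 304:  # Not Modified: keep the running config
            return False, etag
        raise
    # Write to a temp file in the same directory, then rename, so a dropped
    # connection or crash never leaves a half-written config at dest.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)))
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    os.replace(tmp, dest)
    return True, new_etag
```

The caller stores the returned ETag between polls and passes it back on the next call; `ca_file` lets a device trust only the operator's own CA.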