Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!SHEMESH.GBA.NYU.EDU!ittai
From: ittai@SHEMESH.GBA.NYU.EDU (Ittai Hershman)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: BITNET -- Internet capabilities
Message-ID: <CMM.0.88.625426476.ittai@shemesh.gba.nyu.edu>
Date: 26 Oct 89 17:34:36 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 40


    >I wish the Internet had BITNET-style sender-initiated file transfer
    >that did not require the sender to know the receiver's password.  It's
    >very convenient.  Sending files as email is not very user friendly.

    The ability of some arbitrary user elsewhere on a network I'm
    connected to to put files in my account without (at least) password
    protection is a security hole.  I'm glad my systems aren't directly
    connected to BITNET.

    ftp and sending files as mail do work, though I concede a better user
    interface could be devised if someone had the time (I don't).

I manage a site with both BITnet and Internet connections.  I have never
held BITnet in high esteem (on a technical level), but I have changed my
view on this subject.

There are many legitimate cases where sender-initiated file transfer
is warranted.  The one that comes most quickly to mind, is the case
where two (or more) researchers are collaborating on a paper and need
to send drafts back and forth; they are also working on other papers
and therefore do not want to swap password information.  On the
Internet, this basically leaves them at the mercy of using e-mail.
And not all e-mail UA's are capable of being used as file-transfer
utilities.

While not perfect, and decidedly implemented for brain damaged
reasons, the BITnet service is adaptable at low risk.  The security
mechanism is quite simple -- all sender-initiated file transfers are
collected in a spool directory, and users run a "RECEIVE" utility (a
la Joiner's JNET implementation of RSCS for VMS) to actually bring the
file into their directory.  The spool area then becomes a DMZ, no more
risky than anonymous FTP.

Yes, I agree this is not optimal.  Yes, I agree that this service
could be abused.  I think, though, that this would be a terribly
useful service to add until such a time when a more elegant solution
is found.

-Ittai