From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 border1.nntp.ams.giganews.com!nntp.giganews.com!xlned.com!feeder5.xlned.com!npeer.de.kpn-eurorings.net!npeer-ng0.de.kpn-eurorings.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: =?UTF-8?B?QmrDtnJu?= Persson <bjorn@xn--rombobjrn-67a.se>
Newsgroups: comp.lang.ada
Subject: Re: library/binding for sftp?
Date: Thu, 8 Aug 2013 11:14:04 +0200
Message-ID: <20130808111404.5fc6ce14@hactar.xn--rombobjrn-67a.se>
References: <85li4gmhrt.fsf@stephe-leake.org>
 <2wgl8bcmdsu0$.1rs1604fzwufv.dlg@40tude.net>
 <85vc3jfias.fsf@stephe-leake.org>
 <1gwg87tgm2bo7$.ae7440ka6kmc.dlg@40tude.net>
 <85bo59g6h7.fsf@stephe-leake.org>
 <ul3xotcxb4wh$.1rfdfqdzhndf.dlg@40tude.net>
 <kttvbd$jp7$1@dont-email.me>
 <bccmiwywovsc.1gr3p41feupbk$.dlg@40tude.net>
 <5987935c-dbce-4602-b0e6-2bb85513588b@googlegroups.com>
 <9oo34px7j5ko$.1j7bcnxwzgcxe.dlg@40tude.net>
 <ef5ac77e-14b7-4328-8b7f-0db73020cee5@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Trace: individual.net XlEzKFfb+SokTRspp49WsAPXldFSGIyJhtSWKhU/v1MD/ODzlD
Cancel-Lock: sha1:GE63RYGd9YH0UhEabPPlNsaOO08=
X-Newsreader: Claws Mail 3.9.0 (GTK+ 2.24.13; x86_64-redhat-linux-gnu)
Xref: number.nntp.dca.giganews.com comp.lang.ada:182861
Date: 2013-08-08T11:14:04+02:00
List-Id: <comp.lang.ada>

Alan Jump wrote:
> On Wednesday, August 7, 2013 1:26:24 PM UTC-7, Dmitry A. Kazakov
> wrote:
>=20
> > Yep, and obscurity means that others don't know the technique even
> > if the technique itself is stunningly simple.
>=20
> It also means no one but you can implement it.

That's not true. Free software developers have reverse-engineered
several proprietary protocols and written compatible free
implementations. One prominent example is Samba, a free implementation
of Microsoft's proprietary file sharing protocol SMB.

Of course a public standard protocol is always preferable. I
reverse-engineered a protocol myself once. I was given a sample dump of
the communication between two programs, and wrote a filter that could
be inserted between them to modify the messages in transit. My code had
a lot of conditionals to allow for all the variation I saw in the dump.
A couple years later, when I got to see some source code, it turned out
that my code was unnecessarily complex. It allowed for combinations
that would never occur. So a protocol specification is better but
reverse-engineering is also possible when there is no specification.

Eavesdropping doesn't even require a complete protocol implementation.
It will certainly not be hard for spies to get the sensitive data out
of a simple but undocumented file transfer protocol, even if there are
some protocol details that they haven't quite figured out.

Bj=C3=B6rn Persson