I changed the sentence "Its use is now deprecated" to "Some experts deprecate its use in some circumstances" (1st para). Because:
- it is not deprecated by all people.
- it is not deprecated by the IETF in particular.
- it is not deprecated for all uses.
I use telnet to connect between my desktop machine and the server in the next room and I imagine I always will, there are no security concerns in using in that way. Yes, using telnet across the public internet or via untrusted hosts or on untrusted networks is probably not sensible. But that's not what the author said.
- Frankly, now that SSH and OpenSSH are so widely available, I'd use them even across a private network. For one, the ssh daemon has had a lot less buffer overflows than the various telnet daemons. For another, it avoids having to type in passwords every time you do a remote login. For another, using telnet gets you into bad habits. More seriously, I get nervous having my unsecured floating around networks, even private ones.
Seriously, I can't think of *any* circumstances where I'd ever telnet to port 80 again. The telnet client still has a future as a quick-n-dirty way to talk to other types of server, but the telnet daemon is totally dead as far as I am concerned --Robert Merkel
Yes, I understand that you deprecate it. I was just pointing out that not everyone deprecates it, nor it is obsolete (or even obsolescent). I have no concerns over using on our internal network because I believe that if a black hat can gain physical access to our network then we are doomed anyway. --drj.
Oh, some solid sources for the "Experts in computer security recommend that use of telnet for remote logins should be discontinued under all normal circumstances" sentence would be nice. I don't doubt that it is true, but a source would be nice. --drj