2228bug.txt

伯克利做的SFTP安全文件传输协议

bugs in 2228

 - there is no reply code to AUTH to indicate that multiple AUTHs are
   not accepted by the server (something like 503 is ideal)

 - there is no reply to AUTH that contains adat data, but says 
   "we're done" (probably should be 234 with adat, or 235 from AUTH)

 - there is no efficient method provided for searching a possibly huge number
   security mechanism possibilities (i.e. just try-fail-try-fail, etc.)

 - PBSZ allows a 0-length to be specified; we'd like a reply code to
   indicate that the specified length is less than the minimum (might be
   protocol-dependent)

 - it is not specified whether PBSZ includes the 4-byte block length header
   or not