Re: FTP Extensions for Cryptographic Hashes (draft-bryan-ftp-hash)

"William F. Maton Sotomayor" <wmaton@ryouko.imsb.nrc.ca> Tue, 06 April 2010 13:01 UTC

Return-Path: <wmaton@ryouko.imsb.nrc.ca>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2DCEB3A67A7 for <apps-discuss@core3.amsl.com>; Tue, 6 Apr 2010 06:01:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G98Tc8vYtkf8 for <apps-discuss@core3.amsl.com>; Tue, 6 Apr 2010 06:01:13 -0700 (PDT)
Received: from ryouko.imsb.nrc.ca (ryouko.imsb.nrc.ca [IPv6:2001:410:9000:127::10]) by core3.amsl.com (Postfix) with ESMTP id A9E3D3A6452 for <Apps-Discuss@ietf.org>; Tue, 6 Apr 2010 06:01:09 -0700 (PDT)
Received: from ryouko.imsb.nrc.ca (localhost [127.0.0.1]) by ryouko.imsb.nrc.ca (8.14.3/8.14.3) with ESMTP id o36D0nG9016552 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <Apps-Discuss@ietf.org>; Tue, 6 Apr 2010 09:00:54 -0400
Received: from localhost (wmaton@localhost) by ryouko.imsb.nrc.ca (8.14.3/8.14.3/Submit) with ESMTP id o36D0noF016549 for <Apps-Discuss@ietf.org>; Tue, 6 Apr 2010 09:00:49 -0400
Date: Tue, 06 Apr 2010 09:00:49 -0400
From: "William F. Maton Sotomayor" <wmaton@ryouko.imsb.nrc.ca>
To: Apps-Discuss@ietf.org
Subject: Re: FTP Extensions for Cryptographic Hashes (draft-bryan-ftp-hash)
Message-ID: <Pine.LNX.4.64.1004060900370.13911@ryouko.imsb.nrc.ca>
MIME-Version: 1.0
Content-Type: MULTIPART/Mixed; BOUNDARY="-159118721-1769907042-1269825217=:16829"
Content-ID: <Pine.LNX.4.64.1004060900371.13911@ryouko.imsb.nrc.ca>
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: wmaton@ryouko.imsb.nrc.ca
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Apr 2010 13:01:14 -0000

Hi Anthony

 	Nice draft.  FYI, I'm semi-maintaining the venerable wu-ftpd codebase, 
largely for my own purposes as well as to collate the various patches I have 
come across the 'net.  FYI, wu-ftpd supprts the following to do something 
similar (I think it's had that for ages now?) :

     | SITE check_login SP CHECKMETHOD SP method CRLF
     | SITE check_login SP CHECKMETHOD CRLF
     | SITE check_login SP CHECKSUM SP pathname CRLF
     | SITE check_login SP CHECKSUM CRLF

Right now the code 'cheats' its way to doing it like this:

1) Which ones we support:

         reply(200, "Current checksum method: MD5 (RFC1321)");
         reply(200, "Current checksum method: CRC (POSIX)");

2) Making calls to installed programs in the paths.

And of course in English:

o  Added 'SITE CHECKMETHOD' and 'SITE CHECKSUM'.

         SITE CHECKMETHOD [CRC|POSIX|MD5|RFC1321]

 	Sets or displays the current check method.  If no parameter is
 	given, displays the current method; otherwise the method is set to
 	the given algorithm.  CRC and POSIX are equivalent and are the
 	output of the GNU cksum(1) utility.  MD5 and RFC1321 are equivalent
 	and are the output of the GNU md5sum(1) utility.  The default check
 	method is RFC1321 (MD5).

 	SITE CHECKSUM [<file>]

 	Calculates the checksum for the named file.  If no file is given,
 	the last file transferred (uploaded or download) is used.  If no
 	file has yet been transferred, reports an error.  The current
 	CHECKMETHOD is used to calculate the checksum.

Looking at the code it seems to have been introduced sometime in 1998.

FYI, more on this at my site:

 	http://www.wfms.org/wu-ftpd/

I'll have a second look at your draft and see if I can offer up any more 
comments.  Thanks!

On Wed, 24 Mar 2010, Anthony Bryan wrote:

> Hi,
> 
> This ID proposes a feature where FTP clients can request the hash of a
> file. A number of FTP clients and servers have implemented multiple
> commands (XMD5, XSHA1, SITE SHOHASH, etc) that are not formally
> specified, leading to non-interoperability and confusion.
> 
> We have talked to FTP application authors that are interested in this
> feature. Others have previously resisted implementing this feature
> because it isn't formally specified.
> 
> We already have some issues from Alfred Hoenes and John Klensin to
> address. If you are interested, please review & reply.
> 
> thanks,
> -- 
> (( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
>  )) Easier, More Reliable, Self Healing Downloads
> 
> 
> A new version of I-D, draft-bryan-ftp-hash-00.txt has been
> successfully submitted by Anthony Bryan and posted to the IETF
> repository.
> 
> Filename:        draft-bryan-ftp-hash
> Revision:        00
> Title:           FTP Extensions for Cryptographic Hashes
> Creation_date:   2010-03-23
> WG ID:           Independent Submission
> Number_of_pages: 7
> 
> Abstract:
> The specification for the File Transfer Protocol does not include
> methods to obtain cryptographic hashes of files.  Cryptographic
> hashes can be used to identify files and verify integrity.
> Unfortunately, because of the desire for this feature, multiple
> commands that are not formally specified have been implemented in FTP
> applications leading to non-interoperability and confusion.  This
> specification documents an optional command where FTP clients can
> request the cryptographic hash of a file from a FTP server.
> _______________________________________________
> Apps-Discuss mailing list
> Apps-Discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss
>


wfms