Re: FTP Extensions for Cryptographic Hashes (draft-bryan-ftp-hash)

Tim Kosse <> Thu, 01 April 2010 19:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 35C1C3A69BA for <>; Thu, 1 Apr 2010 12:32:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.019
X-Spam-Status: No, score=0.019 tagged_above=-999 required=5 tests=[BAYES_05=-1.11, DNS_FROM_OPENWHOIS=1.13, NO_RELAYS=-0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id r19ESDlCyCLa for <>; Thu, 1 Apr 2010 12:32:01 -0700 (PDT)
Received: from ( [IPv6:2a01:198:200:5b7::2]) by (Postfix) with ESMTP id 45B4D3A6836 for <>; Thu, 1 Apr 2010 12:32:01 -0700 (PDT)
Received: from [2a01:198:458::59] by with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <>) id 1NxQ7w-00048D-OU; Thu, 01 Apr 2010 21:32:29 +0200
Message-ID: <>
Date: Thu, 01 Apr 2010 21:32:21 +0200
From: Tim Kosse <>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20100317 Lightning/1.0b1 Thunderbird/3.0.4
MIME-Version: 1.0
To: Daniel Stenberg <>
Subject: Re: FTP Extensions for Cryptographic Hashes (draft-bryan-ftp-hash)
References: <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.0.1
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="------------enigC93D1AC241D49ABE1F02F535"
Cc: Alfred HÎnes <>,,
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 01 Apr 2010 19:32:02 -0000

On 2010-03-24 22:59, Daniel Stenberg wrote:
> You use 550 as response code when the user isn't allowed to use the HASH
> command, but I find that 550 is otherwise often used for file-not-found
> in both SIZE, RETR and other responses.

It is very common for servers to return 550 for "Permission/access
denied". Even RFC 959 gives an example with a "550 Access denied" reply
to STOR.

Also, RFC 3659 states that a 550 reply to SIZE "MUST NOT be taken by the
client as an indication that the file cannot be transferred [...] A
server may generate this error for other reasons [...]"

> Wouldn't it make sense to have a "file not found" response for when you
> try to HASH a non-existing file? Wouldn't it make sense to re-use the
> same error code (550) for that as other command use?

Yes, for "file not found" 550 should be used.

> Maybe the "HASH not allowed" case can use 552 or 553?

If I interpret RFC 959 correctly, 550 should be used for all errors not
having a dedicated 55z reply code. It gives 552 as "Exceeded storage
allocation" and 553 as "File name not allowed". That pretty much rules
out 552 for "permission denied" and 553 does not seem fitting either.

So I would just use 550 for both "File not found" as well as "Permission

Frankly said, I doubt that FTP clients would even care about a
difference. It's possible to create FTP clients that only care about the
first digit of a reply, whereas a person would always look at the text
and not the exact code.

Tim Kosse