Re: [ftpext] FWD: I-D Action: draft-yevstifeyev-ftp-uri-scheme-05.txt
John C Klensin <john-ietf@jck.com> Sun, 31 July 2011 19:42 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: ftpext@ietfa.amsl.com
Delivered-To: ftpext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4629821F88A0; Sun, 31 Jul 2011 12:42:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.634
X-Spam-Level:
X-Spam-Status: No, score=-102.634 tagged_above=-999 required=5 tests=[AWL=-0.035, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EYoD5IQxMqbM; Sun, 31 Jul 2011 12:42:18 -0700 (PDT)
Received: from bs.jck.com (ns.jck.com [209.187.148.211]) by ietfa.amsl.com (Postfix) with ESMTP id 6FE9921F889D; Sun, 31 Jul 2011 12:42:18 -0700 (PDT)
Received: from [127.0.0.1] (helo=localhost) by bs.jck.com with esmtp (Exim 4.34) id 1Qnbu1-0002yH-OR; Sun, 31 Jul 2011 15:42:22 -0400
Date: Sun, 31 Jul 2011 15:42:20 -0400
From: John C Klensin <john-ietf@jck.com>
To: John Cowan <cowan@mercury.ccil.org>, Apps-discuss list <apps-discuss@ietf.org>
Message-ID: <A17D2EC62D9CD8F2502527CC@PST.JCK.COM>
In-Reply-To: <20110731083853.GB30568@mercury.ccil.org>
References: <4E34DC83.30504@gmail.com> <20110731083853.GB30568@mercury.ccil.org>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: ftpext@ietf.org
Subject: Re: [ftpext] FWD: I-D Action: draft-yevstifeyev-ftp-uri-scheme-05.txt
X-BeenThere: ftpext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <ftpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ftpext>, <mailto:ftpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ftpext>
List-Post: <mailto:ftpext@ietf.org>
List-Help: <mailto:ftpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ftpext>, <mailto:ftpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Jul 2011 19:42:19 -0000
--On Sunday, July 31, 2011 04:38 -0400 John Cowan <cowan@mercury.ccil.org> wrote: > Mykyta Yevstifeyev scripsit: > >> Sorry for cross-posting to 6 addresses :-); please send >> all your comments to apps-discuss@ietf.org. Note to >> public-iri subscribers: please have a look at Section >> 6. Note to register@uri.arpa subscribers: please comment >> Appendix A of the document. (The link to HTML version: >> http://tools.ietf.org/html/draft-yevstifeyev-ftp-uri-scheme.) > It's inappropriate to say that the client SHALL request a > password from the user if none is supplied and the server > demands one (and likewise for accounts). The client must be > free to fail under such circumstances, as it may be a robot or > otherwise not have a user available. Likewise with SHALL > notify the user, etc. These should be changed to MAYs or > SHOULDs. In principle, this sort of thing could be addressed in the spec by adopting the model described in RFC 5321 for SMTP. That spec basically says that, independent of any other rules, the the client may abort the session at any time for any reason whatsoever. Then it defines what "abort" means. If one wanted to state the above that way, it would be, e.g., "if no password is supplied and the server demands one, then the client MUST either find a password and send it and send a QUIT to abort the session". However, this identifies two other issues: (1) FTP really is designed as an interactive protocol. If it had been designed for single-command-line or URI implementations, several things might be different. The IETF has rarely taken on UI designs directly and has a history of doing poorly when it does try. If the client hasn't spontaneously supplied a password but the server demands one, there are lots of ways (depending on the client and its operational environment) to obtain something password-like and respond to the request. Constraining those choices to "ask the user" when the client does not decide to just abort doesn't reflect either reality or reasonable design. Hence "must respond and send it" above, with the implication that the client MAY do anything it considers reasonable to satisfy that request. (2) More broadly, this is one of many special cases of why I continue to object to doing this as a URI without a lot of careful consideration. It seems to me that there are two logical possibilities for an FTP URI: (a) Do something absolutely minimal that satisfies a large number of cases. This is probably anonymous login only, stream and image transfer only, probably PASV only these days, maybe even a restriction to an ASCII command stream. If an email address is needed for login, a provision for picking that up from an environment variable rather than having it incorporated into the URI, would be important. (b) Fully-reflect the protocol and all of its standardized options. This would get fairly complex for a URI because one would not only want to supply a lot of information but might want to supply it conditionally. Between those two points, there isn't a lot other than slippery slope. john
- [ftpext] FWD: I-D Action: draft-yevstifeyev-ftp-u… Mykyta Yevstifeyev
- Re: [ftpext] FWD: I-D Action: draft-yevstifeyev-f… Mykyta Yevstifeyev
- Re: [ftpext] FWD: I-D Action: draft-yevstifeyev-f… John Cowan
- Re: [ftpext] FWD: I-D Action: draft-yevstifeyev-f… John C Klensin
- Re: [ftpext] FWD: I-D Action: draft-yevstifeyev-f… John Cowan
- Re: [ftpext] [apps-discuss] FWD: I-D Action: draf… Barry Leiba
- Re: [ftpext] [Uri-review] [apps-discuss] FWD: I-D… Mykyta Yevstifeyev