Re: [ftpext] Question about draft-bryan-ftp-hash-07

Anthony Bryan <> Wed, 24 November 2010 07:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 752BE3A68D3 for <>; Tue, 23 Nov 2010 23:21:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.797
X-Spam-Status: No, score=-2.797 tagged_above=-999 required=5 tests=[AWL=-0.198, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ngC09ytWL8Hn for <>; Tue, 23 Nov 2010 23:21:13 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 000503A68DE for <>; Tue, 23 Nov 2010 23:21:12 -0800 (PST)
Received: by iwn40 with SMTP id 40so10991231iwn.31 for <>; Tue, 23 Nov 2010 23:22:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=vlp2UyU7NTiMkwJ/7SO87pgSaSuvNHwht49PJd2TKNQ=; b=i+q4vx/rt8Y2470HBayw8LfmOgjUgNXlbXQD6lixA3cWKPJRsbEah7kv4wnq+BbsDI FkihgFdMC0b8vtJxH/4/MXgV0L5DnA0u8R5sLJ1QTXRA8I8M555Iq6MSyDJL49fc4aeJ L3cieMv/HmD1L9yJ/XO1nutgBrMhbRIpzuzLg=
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=ixDgkaMWvZyk3Ez73Cm7Qp/Ym5yh5I6ZAPw5V/XXgFBTSl5Pp9jGAKSSKvniIzVX7d 01lrhKNt2M4HsrKZBc1tFF+nRmpv3+LCCrVRWjXM2gk9Y6egkgopdEgWOhH5+L+O9R0N 1VfgEMxpZiKFV/BY7JUiYjbx7r/NNSlMMw+Mo=
MIME-Version: 1.0
Received: by with SMTP id t6mr9266129iby.145.1290583331301; Tue, 23 Nov 2010 23:22:11 -0800 (PST)
Received: by with HTTP; Tue, 23 Nov 2010 23:22:11 -0800 (PST)
In-Reply-To: <>
References: <> <> <>
Date: Wed, 24 Nov 2010 02:22:11 -0500
Message-ID: <>
From: Anthony Bryan <>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [ftpext] Question about draft-bryan-ftp-hash-07
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Nov 2010 07:21:14 -0000

On Wed, Nov 3, 2010 at 8:28 PM, Anthony Bryan <> wrote:
> On Thu, Sep 16, 2010 at 1:28 AM, Anthony Bryan <> wrote:
>> On Fri, Aug 20, 2010 at 6:01 PM, Robert McMurray <> wrote:
>>> With that in mind, I've been thinking through implementation scenarios in the wake of the denial-of-service discussion that took place before IETF 78. More specifically, I've thinking about a scenario where the maximum file size could be configured at the server, so HASH commands could be prevented from stealing too many server resources when larger files are involved. This is purely a server implementation detail that has nothing to do with the draft with the exception of considering which reply code to return.
>>> Looking at section "3.4. HASH Command Errors" in the draft it would seem that none of the 5yz errors that are listed would apply, but returning a 504 reply might seem to make sense in this scenario. If so, would it be worthwhile to add a statement like the following to the draft?
>>>   The server-PI SHOULD reply with a 504 reply if the HASH command is
>>>   used on a file that cannot be processed for policy reasons. (For
>>>   example, the file size exceeds the server's hashing policy.)
>>> Or would a 4yz reply be better since this is a configurable option at the server? Perhaps a 452 reply?
>> revisiting this, Mathias Berchtold is an implementer (ProFTPD module
>> mod_digest, ) of
>> the alternate non-standard commands (XCRC, XMD5, XSHA1, SHA256) that
>> HASH is trying to standardize.
>> mod_digest uses 550 reply code for the case that Robert mentioned of a
>> file not being allowed to be hashed because of a policy.
>> "The DigestMaxSize directive configures the maximum number of bytes a
>> single hash command is allowed to read from a file. If the number of
>> bytes to be read from the file is greater than the configured limit
>> the server will return an error. If no DigestMaxSize directive is
>> configured, then there is no limit. It is stronly recommended to set
>> an upper limit."
>> R_550, "%s: Length (%zu) greater than " CONFIG_DIGEST_MAXSIZE " (%zu)
>> config value", cmd->arg, lLength, lMaxSize);
>> Mathias, any suggestions as an implementer?
>> we use 550 already for file not found.
>>      550 Requested action not taken.
>>          File unavailable (e.g., file not found, no access).
>> we don't seem to have a specific reply code that fits this case currently.
>> should we mint a new reply code (55z since it's permanent & deals with
>> file system) or use another existing code that isn't an exact fit?
> the newest HASH draft uses a new code: 556.
> comments? here's the new text.
>           The server-PI SHOULD reply with a 556 reply if the HASH command is
>           used on a file that cannot be processed for policy reasons.  (For
>           example, if the file size exceeds the server's hashing policy.)
> later:
>           Server operators might wish to allow the HASH command but restrict
>           its use to certain files, for example, if the file size exceeds the
>           server's hashing policy.  A client MUST be able to understand that
>           refusal to process HASH commands may be permanent (if indicated by a
>           556 response) and will not be honoured later.

now that we have a few more people here, if you could go over this
draft before it becomes draft-ietf-ftpext2-hash...

any comments on using this new 556 code?

(( Anthony Bryan ... Metalink [ ]
  )) Easier, More Reliable, Self Healing Downloads