[ftpext] Hello, firewall draft and password protection

Paul Ford-Hutchinson <paulfordh@uk.ibm.com> Mon, 28 June 2010 14:34 UTC

Firstly, hello FTP-EXTers - hope you're all well.

Secondly, I have been asked about the current status of:
    draft-fordh-ftp-ssl-firewall-07 FTP/TLS Friendly Firewalls 2005-10-21 

As far as I'm concerned, this document has outlived its usefulness.  The 
war between firewalls and secure protocols has died right down now and I 
don't think this draft is needed any more.  If, however, others disagree, 
then I'm happy for it to be resurrected.

Finally, there is another thread on this list stating that TLS is overkill 
for protecting passwords in FTP.  To which I have two replies:

1) implementing TLS isn't hard for server-only authentication - the HTTP
world has managed it, I don't see why FTP should be any harder.
2) please, please think very carefully before calling for a new security 
mechanism to be created and deployed - such things are notoriously 
difficult to do correctly.


Paul Ford-Hutchinson (Author - RFC4217)