Re: [ftpext] [BEHAVE] one week WGLC, draft-ietf-behave-ftp64-05

Dave Thaler <> Wed, 22 December 2010 16:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 75F103A6B2A; Wed, 22 Dec 2010 08:38:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -110.242
X-Spam-Status: No, score=-110.242 tagged_above=-999 required=5 tests=[AWL=-0.243, BAYES_00=-2.599, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 95+LUc2Y8d+E; Wed, 22 Dec 2010 08:38:10 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 435F03A6A67; Wed, 22 Dec 2010 08:38:10 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Wed, 22 Dec 2010 08:40:08 -0800
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Wed, 22 Dec 2010 08:40:08 -0800
Received: from ([]) by ([]) with mapi; Wed, 22 Dec 2010 08:40:08 -0800
From: Dave Thaler <>
To: Iljitsch van Beijnum <>
Thread-Topic: [BEHAVE] one week WGLC, draft-ietf-behave-ftp64-05
Thread-Index: ActY6jKKLqeAf6WHSOikuiNZqgewtAH/d6IwBraFzQAJXXikgAAN1huAACguIwAABqYt8A==
Date: Wed, 22 Dec 2010 16:40:06 +0000
Message-ID: <>
References: <0cac01cb58ea$32d19a60$9874cf20$@com> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailman-Approved-At: Wed, 22 Dec 2010 08:46:56 -0800
Cc: "" <>, "" <>, Behave WG <>
Subject: Re: [ftpext] [BEHAVE] one week WGLC, draft-ietf-behave-ftp64-05
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 22 Dec 2010 16:38:11 -0000

> -----Original Message-----
> From: Iljitsch van Beijnum []
> Sent: Wednesday, December 22, 2010 3:41 AM
> To: Dave Thaler
> Cc:; Behave WG;
> Subject: Re: [BEHAVE] one week WGLC, draft-ietf-behave-ftp64-05
> [CC to ftpext, please prune as desired when following up]
> On 22 dec 2010, at 1:32, Dave Thaler wrote:
> > To your later question, Microsoft's IIS does support RFC 2640
> > in its FTP server.  Microsoft's current FTP clients, on the other hand, do not
> > support RFC 2640.
> And so does ProFTPD.
> I quickly checked maybe a dozen FTP sites. A few of them supported LANG,
> although none any languages other than English, one UTF8 but not LANG, one
> LANG but not FEAT (which is in non-conformance to RFC 2640). So I guess a
> quick deprecation is off the table.
> After reading RFC 2640 a bit more closely, it turns out that it actually allows
> CR/LFs in filenames, but those are escaped using a null character. This probably
> warrants a warning in the FTP64 document, as ALG implementers may not be
> aware of this and of course a null character has special meaning in languages
> such as C.
> Back to the original problem.
> Ideally, the ALG would observe the LANG negotiation and then send text in the
> desired language. However, there is no way to make sure that the ALG supports
> all the languages that clients and servers may support, so even if the ALG makes
> this attempt, there will be cases when it can't provide text in the desired
> language.
> When that happens, there are two choices:
> 1. block the LANG negotiation and use the default language
> 2. ignore the LANG negotiation and use the default language

Yes for LANG (as opposed to the FEAT exchange), those are the same as I 
described in my email.

> The advantage of 1 is consistency. However, this is more complex to implement
> and despite some evidence of LANG support I fear that actual use of this feature
> is too low to see good real-world testing, so there is a significant risk of bugs
> that won't come to light until the ALG is widely deployed. Another downside is
> that the user is now deprived of text in the desired language for text sent by the
> server that isn't touched by the ALG. Most notably, this would be the greetings.
> With failed LANG negotiation, users probably also wouldn't be able to use UTF-8
> user names, passwords or path names.

The last sentence is not correct.   The LANG command only controls the language
of the server's text responses.  It has no effect on the ability for the client
(or server) to use UTF-8 user names, passwords, or path names.

But yes, the advantage is consistency, and the disadvantage is that you're
limited to languages supported by both the server and the ALG.

> The advantage of 2 is implementation simplicity and that the majority of the text
> is still in the desired language. However, some server responses will be in the
> ALG's (default) language rather than in the negotiated language. (But informed
> users can still see what's going on from the numeric response, the text is merely
> additional information.)

To repeat my earlier point, the disadvantages are
1) Text from the ALG may render as garbage (even overwriting the numeric response,
   making it impossible for the user to see what's going on... remember some languages
   are bidirectional so this isn't just about the backspace character)
2) Some clients might even crash or have other unexpected behavior, since
    2 appears to violate RFC 2640 and hence could easily have untested behavior.

To me, the above disadvantages are strong arguments against 2.

> I propose the following:
> - provide some explanation of the issue in the document
> - ALGs MUST support UTF-8 and the CR0LF thing
> - ALGs MAY monitor the LANG negotiation and adjust their language accordingly
> (with no opinion about what happens when the ALG supports the user desired
> language but the server doesn't)

Personally, I think the above MAY needs to be a MUST.

> - if the ALG doesn't monitor the LANG negotiation or doesn't support the
> negotiated language, it uses its default language
> Thoughts?