Re: [ftpext] FTP password protection?
Daniel Stenberg <daniel@haxx.se> Wed, 23 June 2010 11:36 UTC
Return-Path: <daniel@haxx.se>
X-Original-To: ftpext@core3.amsl.com
Delivered-To: ftpext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ABE263A699E for <ftpext@core3.amsl.com>; Wed, 23 Jun 2010 04:36:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.734
X-Spam-Level:
X-Spam-Status: No, score=-3.734 tagged_above=-999 required=5 tests=[AWL=-1.485, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lT5aFdbxRn5C for <ftpext@core3.amsl.com>; Wed, 23 Jun 2010 04:36:37 -0700 (PDT)
Received: from giant.haxx.se (giant.haxx.se [80.67.6.50]) by core3.amsl.com (Postfix) with ESMTP id 341A73A6A01 for <ftpext@ietf.org>; Wed, 23 Jun 2010 04:36:30 -0700 (PDT)
Received: from giant.haxx.se (dast@giant.haxx.se [80.67.6.50]) by giant.haxx.se (8.14.3/8.14.3/Debian-9.1) with ESMTP id o5NBabeE017913; Wed, 23 Jun 2010 13:36:37 +0200
Date: Wed, 23 Jun 2010 13:36:37 +0200
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@giant.haxx.se
To: Iljitsch van Beijnum <iljitsch@muada.com>
In-Reply-To: <58A35E57-7187-49B3-815B-A49121A5AD10@muada.com>
Message-ID: <alpine.DEB.2.00.1006231334120.15043@tvnag.unkk.fr>
References: <D7ECC9F4-9DD9-44F6-B525-9ECF5CE2E49E@muada.com> <alpine.DEB.2.00.1006231309480.15043@tvnag.unkk.fr> <58A35E57-7187-49B3-815B-A49121A5AD10@muada.com>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-4.3.5 (giant.haxx.se [80.67.6.50]); Wed, 23 Jun 2010 13:36:38 +0200 (CEST)
Cc: ftpext@ietf.org
Subject: Re: [ftpext] FTP password protection?
X-BeenThere: ftpext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <ftpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ftpext>, <mailto:ftpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ftpext>
List-Post: <mailto:ftpext@ietf.org>
List-Help: <mailto:ftpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ftpext>, <mailto:ftpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jun 2010 11:36:39 -0000
On Wed, 23 Jun 2010, Iljitsch van Beijnum wrote: >> Isn't RFC4217, FTP with TLS good enough for this? > > That would be one solution, but it seems like overkill, especially as users > have to set up a certficate. The fact that FTP with TLS isn't used (much? at > all?) in practice suggests that something less ambitious might be helpful. For just adressing the plain text password it might be overkill, yes. But it is an existing, working, implemented and deployed approach... And I must disagree with you. I (as author of a client-side implementation) find it used quite a lot. -- / daniel.haxx.se
- [ftpext] FTP password protection? Iljitsch van Beijnum
- Re: [ftpext] FTP password protection? Daniel Stenberg
- Re: [ftpext] FTP password protection? Iljitsch van Beijnum
- Re: [ftpext] FTP password protection? Daniel Stenberg