Re: [ftpext] HOST back to FTPEXT2 WG for more review
Paul Ford-Hutchinson <paulfordh@uk.ibm.com> Mon, 25 July 2011 11:53 UTC
Return-Path: <paulfordh@uk.ibm.com>
X-Original-To: ftpext@ietfa.amsl.com
Delivered-To: ftpext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB88321F854E for <ftpext@ietfa.amsl.com>; Mon, 25 Jul 2011 04:53:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VVKueYiNOfAt for <ftpext@ietfa.amsl.com>; Mon, 25 Jul 2011 04:53:55 -0700 (PDT)
Received: from mtagate7.uk.ibm.com (mtagate7.uk.ibm.com [194.196.100.167]) by ietfa.amsl.com (Postfix) with ESMTP id 1612321F8879 for <ftpext@ietf.org>; Mon, 25 Jul 2011 03:35:00 -0700 (PDT)
Received: from d06nrmr1707.portsmouth.uk.ibm.com (d06nrmr1707.portsmouth.uk.ibm.com [9.149.39.225]) by mtagate7.uk.ibm.com (8.13.1/8.13.1) with ESMTP id p6PAYxox020878 for <ftpext@ietf.org>; Mon, 25 Jul 2011 10:34:59 GMT
Received: from d06av07.portsmouth.uk.ibm.com (d06av07.portsmouth.uk.ibm.com [9.149.37.248]) by d06nrmr1707.portsmouth.uk.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id p6PAYqOo2121978 for <ftpext@ietf.org>; Mon, 25 Jul 2011 11:34:59 +0100
Received: from d06av07.portsmouth.uk.ibm.com (loopback [127.0.0.1]) by d06av07.portsmouth.uk.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id p6PAYq73007230 for <ftpext@ietf.org>; Mon, 25 Jul 2011 04:34:52 -0600
Received: from d06ml069.portsmouth.uk.ibm.com (d06ml069.portsmouth.uk.ibm.com [9.149.38.218]) by d06av07.portsmouth.uk.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id p6PAYptA007227; Mon, 25 Jul 2011 04:34:51 -0600
In-Reply-To: <alpine.DEB.2.00.1107222237120.1581@tvnag.unkk.fr>
References: <CANqTPeggME=FCiTDpAPAMEcNq36zpojshE6W-=PHtB9it+AZZQ@mail.gmail.com> <alpine.DEB.2.00.1107222237120.1581@tvnag.unkk.fr>
To: Daniel Stenberg <daniel@haxx.se>
MIME-Version: 1.0
X-KeepSent: E237FE3A:1794CEA8-802578D8:0039F193; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.0.2FP1 SHF149 July 17, 2009
From: Paul Ford-Hutchinson <paulfordh@uk.ibm.com>
Message-ID: <OFE237FE3A.1794CEA8-ON802578D8.0039F193-802578D8.003A1E6B@uk.ibm.com>
Date: Mon, 25 Jul 2011 11:34:51 +0100
X-MIMETrack: Serialize by Router on D06ML069/06/M/IBM(Release 8.0.2FP6|July 15, 2010) at 25/07/2011 11:34:51, Serialize complete at 25/07/2011 11:34:51
Content-Type: multipart/alternative; boundary="=_alternative 003A1A75802578D8_="
Cc: ftpext@ietf.org
Subject: Re: [ftpext] HOST back to FTPEXT2 WG for more review
X-BeenThere: ftpext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <ftpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ftpext>, <mailto:ftpext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ftpext>
List-Post: <mailto:ftpext@ietf.org>
List-Help: <mailto:ftpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ftpext>, <mailto:ftpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2011 11:53:56 -0000
Daniel Stenberg wrote on 22/07/2011 21:43:33:
> ... I think even more strongly than before that it would make more sense
to
> have section 3's two alternative versions a and b just be the version B
as
> then a "wrongly placed" HOST would always imply a REIN. Nice and simple.
>
Just to clarify - this is the section that currently reads ...
Server-FTP processes SHOULD treat a situation where the HOST command
is issued after the user has been authenticated by using one of the
following two behaviors:
a. Treat the late HOST command as an erroneous sequence of commands
and return a 503 reply.
b. Treat the late HOST command as though a REIN command was sent
before the HOST command and reset the user-PI to the state that
existed after the TCP connection was first established and before
the initial user authentication and then return the appropriate
reply for the HOST command.
We have to think "why is this being described" and "in which situations is
it relevant".
So, for "why is this being described" - I think we have
- For Server processes to code to
- For Client implementations to code to
for "in which situations is it relevant" - We have
- Servers that want to implement this command
- Servers that don't want to implement this command but don't want to
break any clients (this includes servers that don't want to change
behaviour at all)
- Clients that want to use the HOST command with servers which support it
For servers implementing HOST, you are correct, servers which implement
this spec, should behave like (b) - and, if we wish to mandate that
linkage in the spec (i.e. behaviour (a) is not permitted if the client
knows the server supports HOST (either by FEAT or a successful HOST during
the current session)) - feel free to do so.
However, servers which do not implement HOST, will do (a).
Therefore, for client writers, the client needs to be coded to expect the
behaviour of the server to be (a) or (b) and MUST check the reply to the
HOST to determine if an implicit REIN has happened. Therefore (a) and (b)
should be specified in the doc.
HOWEVER ... We should mandate an explicit REIN
===============================================
Just to mention it one more time in case it got buried in a previous
comment....
I think that the REIN should be mandated as explicitly required; and a
second or subsequent HOST should not be valid until the Client and Server
have successfully completed a REIN/220 exchange. This is because (for
example in RFC4217) the REIN command itself may be governed by 'special'
processing. It is not specified in this document how such processing
should, in general terms, be used for the HOST command.
I have been persuaded not to like "Command XXXX" implicitly does "Command
YYYY". In fact, I got told off for it during the draft stages of what
became RFC4217, which is why "AUTH SSL" (bad) and "AUTH TLS" (good) are
not functionally equivalent.
Paul
--
Paul Ford-Hutchinson CISSP - Tivoli Security Consultant
IBM UK Ltd. - NHBR - 1PH - North Harbour - Portsmouth - PO6 3AU
Tel +44 (0)7500 078379 (internal: 37269105)
- [ftpext] HOST back to FTPEXT2 WG for more review Anthony Bryan
- Re: [ftpext] HOST back to FTPEXT2 WG for more rev… Daniel Stenberg
- Re: [ftpext] HOST back to FTPEXT2 WG for more rev… Paul Ford-Hutchinson
- Re: [ftpext] HOST back to FTPEXT2 WG for more rev… Robert McMurray
- Re: [ftpext] HOST back to FTPEXT2 WG for more rev… Mykyta Yevstifeyev
- Re: [ftpext] HOST back to FTPEXT2 WG for more rev… Alun Jones
- Re: [ftpext] HOST back to FTPEXT2 WG for more rev… Robert McMurray