RE: Call for Community Feedback: Retiring IETF FTP Service

Roman Danyliw <rdd@cert.org> Wed, 18 November 2020 11:00 UTC

From: Roman Danyliw <rdd@cert.org>
To: Ned Freed <ned.freed@mrochek.com>
CC: "ned+ietf@mauve.mrochek.com" <ned+ietf@mauve.mrochek.com>, Keith Moore <moore@network-heretics.com>, "ietf@ietf.org" <ietf@ietf.org>
Subject: RE: Call for Community Feedback: Retiring IETF FTP Service
Date: Wed, 18 Nov 2020 11:00:09 +0000
Message-ID: <365930470c214fbd982da633c69b3b67@cert.org>
References: <af6ab231024c478bbd28bbec0f9c69c9@cert.org> <0D41F3FD-BA1F-4716-A165-4FE7529431A9@vigilsec.com> <D26DCBB6-3997-4A73-BB46-867B4FD79BD2@eggert.org> <27b80ed2-76fb-aee7-f22d-de56019e9aa9@nostrum.com> <a8bdd67a-13ea-4433-aa38-9cfd48ea28da@network-heretics.com> <0e875497-9986-a0d9-8354-3eac26b7f882@nostrum.com> <a02e15f2-34fb-4124-7ba0-c0ee0070b39f@network-heretics.com> <6a29096e-c76e-9bde-388c-bf411b235346@nostrum.com> <6ff3c8a8-57c9-a278-51ce-ce24fd2dfc0e@network-heretics.com> <01RS3W7DNPHA005PTU@mauve.mrochek.com> <7057e29825514008a06b749cb5c476f6@cert.org> <01RS3Y1AZ65A0085YQ@mauve.mrochek.com>
In-Reply-To: <01RS3Y1AZ65A0085YQ@mauve.mrochek.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/b8BfvrcpLmvvjkhJ1MW8DUEzmQ8>

Hi Ned!

> -----Original Message-----
> From: Ned Freed <ned.freed@mrochek.com>
> Sent: Tuesday, November 17, 2020 9:53 AM
> To: Roman Danyliw <rdd@cert.org>
> Cc: ned+ietf@mauve.mrochek.com; Keith Moore <moore@network-heretics.com>; ietf@ietf.org
> Subject: RE: Call for Community Feedback: Retiring IETF FTP Service
> 
> > Hi Ned!
> 
> > Thanks for the feedback.
> 
> > > -----Original Message-----
> > > From: ietf <ietf-bounces@ietf.org> On Behalf Of
> > > ned+ietf@mauve.mrochek.com
> > > Sent: Tuesday, November 17, 2020 9:02 AM
> > > To: ietf@ietf.org
> > > Cc: Keith Moore <moore@network-heretics.com>
> > > Subject: Re: Call for Community Feedback: Retiring IETF FTP Service
> > >
> > > The discussion of FTP service retirement has actually been
> > > surprisingly informative. Things I've learned include:
> > >
> > > (1) The IETF no longer provides HTTP access, leaving FTP as the only
> > >     access mechanism that doesn't require a crypto layer. With FTP gone,
> > >     crypto becomes a requirement for access.
> 
> > Could you help me better understand which way your concern leans.
> > Let's abstract away HTTP and FTP, and just consider a communications
> > channel.  Do you have a use case where access to IETF artifacts needs
> > to happen over unencrypted channels (i.e., getting the same artifacts
> > over an encrypted channel breaks the use case)?
> 
> For myself, I routinely use devices that are incapable of supporting a crypto
> stack that would work with an IETF HTTPS server. I haven't had the need to
> access IETF resources recently from such hardware, which is why I hadn't
> noticed this change. But that's happenstance, nothing more.

Thanks for clarifying.  This access must not have happened in several years.  HTTP has been turned off since 2015 per https://www.ietf.org/about/groups/iesg/statements/maximizing-encrypted-access/.

> However, the case that worries me much more is how this may affect access
> from places where crypto use is problematic.

We haven't been serving over HTTP in 5 years.  As I understand it, the concern is that FTP is one of the last ways to access IETF information unencrypted.  Do I have it wrong?  As I responded to Toerless [1], the primary users of FTP (by volume) don't appear to be disadvantaged:

==[ snip from [1] ]==
From the data we have [1], it doesn't seem like many users are operating in a restricted environment.  I'm making assumptions here, but the biggest users of FTP, constituting 85% of the traffic, all seem very capable of consuming encrypted content.
** a dynamic IP address in a German ISP
** the proxy of a Fortune 100 company
** a Canadian IT services company
** a large US search engine company
** a leading Japanese research university
** website of a not-so-popular programming language
** a small Swedish software product company
** a small, several person US consulting company 
==[ snip ]==

Hence, from what we see from actual usage, those disadvantaged users appear largely hypothetical.

Furthermore, >99% of requests are syncing the entire or parts of the repository which can be done with rsync.  As pointed out by Bob [2], rsync can be used over rsh (unencrypted):

==[ snip ]==
$ rsync rsh rsync.ietf.org::
everything-ftp 	- The entire IETF FTP Archive
internet-drafts	- The Internet Draft Repository (currently active drafts)
id-archive     	- The Internet Draft Archive (both active and expired drafts)
iesg-minutes   	- IESG Minutes
proceedings    	- Repository of Proceedings
xml2rfc.bibxml 	The xml2rfc citation libraries
charter        	- Repository of WG Charters
concluded-wg-ietf-mail-archive	- Older list text archives
conflict-reviews	- Repository of Conflict Review documents
iana           	- IANA assignments
iana-timezone  	- IANA Time Zone Datatbase (see also http://www.iana.org/time-zones)
legacy-files   	- Legacy material supporting long-lived URLs
mailman-archive	- Repository of Mailing List Text Archives
rfc            	- Repository of RFCs
slides         	- Repository of Slide Documents
status-changes 	- Repository of Status Change Documents 
==[ snip ]==

Roman

[1] https://mailarchive.ietf.org/arch/msg/ietf/py_9b486x8x2io6d5dAb3FAgNng/
[2] https://mailarchive.ietf.org/arch/msg/ietf/maUHi4gfaPAH_TfsU6XbqdYYM5Y/