Re: Call for Community Feedback: Retiring IETF FTP Service

Toerless Eckert <tte@cs.fau.de> Tue, 10 November 2020 23:11 UTC

On Tue, Nov 10, 2020 at 06:15:03PM +0000, Salz, Rich wrote:
> >    Transferring files that are not HyperText files using HTTP is in poor taste, much like eating salad with a fork that is not a salad fork.
> 
> Strongly disagree.
> 
> Particularly when HTTPS is used, you get privacy and an *authenticated connection* to the server.  FTP doesn't have that, and while SFTP or FTPS do, they are not trivial to set up.

How does this make FTP the better salad fork?

I may not want encryption because it reduces my bulk download speed,
yet IETF does not even give me an http download option but forces https.

My client needs to do directory screen scraping to know what's on the
server with HTTP.

IETF content is public. I may not even want/need to download it from
*.ietf.org, I may prefer a faster mirror:

It's a pretty bad "Internet" security design to expect authenticity of content
by having authenticity of transport. That type of strict 1:1 authenticity
mapping better suits walled garden solutions.

IMHO: all IETF documents should better have an IETF/RFC-editor signature
on them, like we do for S/MIME (not sure if there are good standards
for such document signatures for the most important docs: XML, Text,
email(box)).

Cheers
    Toerless
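
The point made in the message above, that authenticity can travel with the document instead of with the connection, shown as an added example that is not part of the original message and not an IETF or RFC Editor mechanism. It assumes a detached Ed25519 signature and a publisher key the client has pinned; the mirror URLs, document text and keys are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Fetched is a document plus detached signature as returned by any source.
// Source is informational only; verification never looks at it.
type Fetched struct {
	Source string
	Body   []byte
	Sig    []byte
}

// VerifyDocument accepts a copy only if its detached signature verifies
// under the publisher key the client has pinned (hypothetical key handling).
func VerifyDocument(pinned ed25519.PublicKey, f Fetched) bool {
	return ed25519.Verify(pinned, f.Body, f.Sig)
}

// Demo runs three constructed cases and reports whether each is accepted:
// an intact mirror copy, a copy altered in transit, and a copy re-signed
// with a key other than the pinned one.
func Demo() (mirrorOK, alteredOK, resignedOK bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	doc := []byte("Constructed sample document, not a real RFC.\n")
	sig := ed25519.Sign(priv, doc)

	altered := append([]byte(nil), doc...)
	altered[0] ^= 0x01 // single-bit change on an unauthenticated path

	mirrorOK = VerifyDocument(pub, Fetched{"http://mirror.example/doc.txt", doc, sig})
	alteredOK = VerifyDocument(pub, Fetched{"http://mirror.example/doc.txt", altered, sig})
	resignedOK = VerifyDocument(pub, Fetched{"ftp://mirror.example/doc.txt", altered, ed25519.Sign(otherPriv, altered)})
	return
}

func main() {
	fmt.Println(Demo())
}
```

The intact copy is accepted although it came from a plain-HTTP mirror; the other two are rejected whatever transport delivered them.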