Re: Call for Community Feedback: Retiring IETF FTP Service

ned+ietf@mauve.mrochek.com Wed, 18 November 2020 15:11 UTC

From: ned+ietf@mauve.mrochek.com
Cc: Keith Moore <moore@network-heretics.com>, "ietf@ietf.org" <ietf@ietf.org>
Message-id: <01RS5CFAY5S0005PTU@mauve.mrochek.com>
Date: Wed, 18 Nov 2020 06:42:39 -0800
Subject: Re: Call for Community Feedback: Retiring IETF FTP Service
In-reply-to: "Your message dated Wed, 18 Nov 2020 09:36:57 -0500" <a2516ce1-a371-c5dd-3294-1901948f8a1b@joelhalpern.com>
References: <a8bdd67a-13ea-4433-aa38-9cfd48ea28da@network-heretics.com> <0e875497-9986-a0d9-8354-3eac26b7f882@nostrum.com> <a02e15f2-34fb-4124-7ba0-c0ee0070b39f@network-heretics.com> <6a29096e-c76e-9bde-388c-bf411b235346@nostrum.com> <6ff3c8a8-57c9-a278-51ce-ce24fd2dfc0e@network-heretics.com> <01RS3W7DNPHA005PTU@mauve.mrochek.com> <7057e29825514008a06b749cb5c476f6@cert.org> <01RS3Y1AZ65A0085YQ@mauve.mrochek.com> <365930470c214fbd982da633c69b3b67@cert.org> <5172d442-6bb0-0e11-81fb-3da6e828166e@network-heretics.com> <20201118121725.GN39170@kduck.mit.edu> <BL0PR14MB3779D2DF5858884E97727CF2C3E10@BL0PR14MB3779.namprd14.prod.outlook.com> <c177edea-202d-2883-3a48-5b615c4a0a93@network-heretics.com> <a2516ce1-a371-c5dd-3294-1901948f8a1b@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/vTZQdCe5nZE5wefXq8gatcYmM0E>

> There seem to be two groups of users causing the discussion.
> One set are folks who use scripts that will be discommoded if we drop
> FTP access.  That is a concern.  But a somewhat manageable one.  And one
> where we have to at some point be able to say "no, we do not support
> things forever".

I don't think anyone is saying "forever", just "not now". Indeed, given that
some of the people making this argument are the same people who believe a total
transition to IPv6 is going to happen - a transition ftp will not survive -
it's pretty obvious this isn't the case.

> The other argument is that there exist a set of people who will be
> unable to practically get the documents if we drop the FTP access.

I was relieved to learn that rsync does not require crypto, so there's at least
one other non-crypto option the IETF still supports. OTOH, the set of
capabilities rsync provides is quite different and much more limited, so this
is not sufficient cause for me to change my position on ftp.

> If true, that is important.  But we do not appear to have any way to
> evaluate the statement as other than a hypothetical.  We know such
> people could exist.  But do we know if they do exist?

And now not only are you asking for information about current conditions we do
not have, you're also asking us to predict the future.

What we do know is that our track record in regards to anticipating unintended
consequences is incredibly poor.

In this regard, there has already been discussion of the downsides to dropping
HTTP support entirely; I see no reason to elaborate further on that.

But if you want a crypto-specific example, you need look no further than how
we've unintentionally introduced widespread non-repudiation into our email
infrastructure.

More specifically, we developed DKIM/DMARC as an anti-phishing measure for
commercial email. It was never intended to be used for personal email, but
Yahoo deployed it in the personal email space and others have followed suit on
a massive scale. As a result a significant and growing percentage of email is
now signed, to the point where privacy experts are calling for DKIM key release
after rotation to at least partially mitigate the damage we have done.

For me the bottom line is this is a very small cost that at a minimum provides
insurance against some really bad outcomes.

> It seems to me that arguing for keeping the service because people in
> the second category may exist is a very weak argument.

Right back atcha, Joel.

				Ned