IETF Logo Mail Archive

RE: Call for Community Feedback: Retiring IETF FTP Service

John C Klensin <john-ietf@jck.com> Thu, 26 November 2020 16:16 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70DB43A135D for <ietf@ietfa.amsl.com>; Thu, 26 Nov 2020 08:16:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eo0TnVKd30Qx for <ietf@ietfa.amsl.com>; Thu, 26 Nov 2020 08:16:06 -0800 (PST)
Received: from bsa2.jck.com (ns.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A70E3A1240 for <ietf@ietf.org>; Thu, 26 Nov 2020 08:16:06 -0800 (PST)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1kiJwB-0006Tc-7X; Thu, 26 Nov 2020 11:16:03 -0500
Date: Thu, 26 Nov 2020 11:15:57 -0500
From: John C Klensin <john-ietf@jck.com>
To: Roman Danyliw <rdd@cert.org>, Lyndon Nerenberg <lyndon@orthanc.ca>
cc: ietf@ietf.org
Subject: RE: Call for Community Feedback: Retiring IETF FTP Service
Message-ID: <D86EE0575B47105A8EC615CB@PSB>
In-Reply-To: <ef036e20609b4388aeb07d8f5fd5caae@cert.org>
References: <af6ab231024c478bbd28bbec0f9c69c9@cert.org> <b993def4eb0140698042781e0b790af0@cert.org> <50D6883540A39384617ABEBF@PSB> <725c1a373fbc77e5@orthanc.ca> <b2b172a2d793499bb4da094f1cceb105@cert.org> <36C92F732011DE95088B8427@PSB> <ef036e20609b4388aeb07d8f5fd5caae@cert.org>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/yPBgIYbnGeNOfpA-C3f1Gojes-o>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Nov 2020 16:16:08 -0000

Roman,

Thanks.  Inline below.

--On Thursday, November 26, 2020 14:19 +0000 Roman Danyliw
<rdd@cert.org> wrote:

>...

>> I didn't know about that and, at least for me, that
>> completely changes the equation.  If there is at least one
>> IETF (or IETF LLC)-supported site that is kept synchronized
>> with the IETF I-D collection and offers FTP, I don't see any
>> strong reason why there needs to be access to the IETF
>> repository on the IETF site. Even for those who need to
>> change scripts, changing one site and path for another
>> (either in human memory or in a
>> script) should not be a big deal and, IIR, IETF has moved
>> things around often enough that most FTP users have had to do
>> that once or twice already.
 
> Since we talked exchanged notes on being clear on positions
> (see:
> https://mailarchive.ietf.org/arch/msg/ietf/GXzI5CRCVLhfKzFR4s5
> BwKmjhio/), am I correct in interpreting that you have moved
> from "opposed" to "no objection contingent on continued
> operations of an alternative ftp source such as
> ftp://ftp.rfc-editor.org"?

"only weak objections contingent..." would be a tad better, but
let me comment on a few things below and then explain the
difference.

>> On the other hand, if the LLC has to support, or fund AMS to
>> support, FTP access to a repository on the RFC Editor
>> site/path, it seems that the case that there are significant
>> marginal costs for maintaining FTP access to the IETF
>> repository just got a little more dubious.
> 
> I'm speaking for the IESG, so I (we) have no purview over
> contract.  With that caveat and being completely on the
> outside, I will repeat what was mentioned earlier that
> operational complexity get reduced with fewer services to run.
> It also reduced attack surface (perhaps one was a little
> behind in updates or had a misconfiguration).

Understood.  However, whatever niceties we might have about the
boundaries among decisions made by the IESG, decisions made by
whomever or whatever makes decisions for the RFC Editor
Function, and decisions/contracts managed by the IETF LLC, those
distinctions are fairly invisible from a distance.  That is
important for two reasons.  First, if this is really just an
operational matter, even one of operational complexity, then it
should not be the IESG's problem at all -- the LLC should be
discussing it as an operational matter and consulting the
community.   No, I don't think starting over would be at all
helpful but if you (and presumably the rest of the IESG are
"completely on the outside", then I'm not sure why you
(severally) have started this discussion.   Second, your
statement takes us into the uncomfortable territory of plausible
deniability.  Suppose the IETF drops the FTP service because
almost no one is using it (an argument made several times in
this discussion) and because it adds operational complexity and
increases security risks.  Then (especially in the absence of an
RSE or successor function with authority) the LLC wakes up some
morning in the near future and says "The IETF has concluded,
after an extensive community discussion, that an FTP service is
unnecessary, unused, adds operational complexity, and increases
risks.  Certainly the same arguments apply to the RFC Editor's
FTP service(s), so let's tell AMS to shut it down."   Absolutely
nothing would prevent them from doing that and, if we are really
treating these things as complete separate entities which are
"completely on the outside" with respect to each other, then "no
objection contingent..." turns back into a strong objection
unless whoever or whatever makes the decision for the IETF
repository (I'm presuming the IESG is taking on that authority)
makes a firm commitment that, if the RFC Editor FTP
functionality is shut down and not replaced by some other FTP
availability of I-Ds (and RFCs if they are involved) under the
general IETF-RFC Editor-IETF LLC-ISOC umbrella, the IETF service
will be immediately turned back on.

Put into a sentence you can put in the summary, I have no
objection to the IETF dropping its FTP service if there is a
firm commitment that those documents and and resources will
continue to be available from some site within the general IETF
family.  If that assurance cannot be given, then I am back onto
the strong objection list.

In addition, I don't know if this is worth belaboring, but a
number of the arguments that have been made, particularly those
that imply that FTP service should be shut down because people
who want to use it are, e.g., just horribly backward and/or
should join the current century, seem to be to be spurious
and/or insulting.  I would hope they would not be included in
any future summary  of why discontinuing FTP service or, better,
explicitly disclaimed.  For example and because of my concerns
about actions others (including the LLC and/or RFC Editor
Function) might decide to take based on an IETF/IESG decision,
it seems to me to be very important that "our" reasons for
whatever decisions we made be very clear and that the implied
insults of those arguments should have no part of them.

    best,
     john

v2.23.0 | Report a Bug | By Email