[secdir] review of draft-hethmon-mcmurray-ftp-hosts-11
"Hilarie Orman" <ho@alum.mit.edu> Tue, 27 April 2010 16:18 UTC
From: Hilarie Orman <ho@alum.mit.edu>
To: secdir@ietf.org
Cc: phethmon@hethmon.com, robmcm@microsoft.com, iesg@ietf.org

Security review of File Transfer Protocol HOST Command
draft-hethmon-mcmurray-ftp-hosts-11

Do not be alarmed. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This protocol modification adds a command ("HOST") by which the client designates a virtual host. The server will then use an authentication method suitable for that host, much as though a separate FTP server were running for each virtual host.

There is a small area of concern surrounding the information contained in the "HOST" command. If the name of the virtual host is sensitive information, then clients should protect it by using encryption when first connecting to the server. Although the document anticipates host names as being publicly available DNS names, that is not necessary, and some organizations will probably use private names.

Hilarie
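
Added example, not part of the original message or of the draft: a check over a client-side FTP control-channel log that reports virtual host names sent in a HOST command before the channel was encrypted. It assumes explicit TLS as in RFC 4217 (`AUTH TLS` answered with reply code 234); the log format, function name and host names are constructed for illustration.

```python
import re

# Last line of an FTP reply: three-digit completion code followed by a space.
FINAL_REPLY = re.compile(r"^([2-5]\d\d)( |$)")

def cleartext_host_names(log):
    """Return HOST arguments sent while the control channel was unencrypted.

    `log` is a list of (direction, line) pairs: "C" for a command the
    client sent, "S" for a line of a server reply (assumed log format).
    """
    protected = False   # True once AUTH has been accepted with 234
    pending = None      # verb of the command still awaiting its reply
    exposed = []
    for direction, line in log:
        line = line.strip()
        if direction == "C":
            verb, _, arg = line.partition(" ")
            pending = verb.upper()          # FTP verbs are case-insensitive
            if pending == "HOST" and not protected:
                exposed.append(arg.strip())
            continue
        match = FINAL_REPLY.match(line)
        if not match:
            continue    # continuation line of a multi-line reply
        if pending == "AUTH" and match.group(1) == "234":
            protected = True                # TLS handshake follows this reply
        pending = None
    return exposed

# Constructed sample sessions (not captured traffic).
EXPOSED_LOG = [
    ("S", "220 FTP server ready"),
    ("C", "HOST files.internal.example"),   # private name sent in the clear
    ("S", "220 Host accepted"),
    ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation"),
]
PROTECTED_LOG = [
    ("S", "220-Welcome"), ("S", "220 FTP server ready"),
    ("C", "AUTH TLS"), ("S", "234 Proceed with negotiation"),
    ("C", "HOST files.internal.example"), ("S", "220 Host accepted"),
]
REJECTED_AUTH_LOG = [
    ("S", "220 FTP server ready"),
    ("C", "AUTH TLS"), ("S", "502 Command not implemented"),
    ("C", "host files.internal.example"),   # channel never became encrypted
    ("S", "220 Host accepted"),
]
```
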