[secdir] review of draft-hethmon-mcmurray-ftp-hosts-11

"Hilarie Orman" <ho@alum.mit.edu> Tue, 27 April 2010 16:18 UTC

Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 124643A6838; Tue, 27 Apr 2010 09:18:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9KuWDb8kpC+R; Tue, 27 Apr 2010 09:18:28 -0700 (PDT)
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) by core3.amsl.com (Postfix) with ESMTP id 6B1AE3A67EA; Tue, 27 Apr 2010 09:18:26 -0700 (PDT)
Received: from mx01.mta.xmission.com ([166.70.13.211]) by out02.mta.xmission.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <hilarie@purplestreak.com>) id 1O6nUD-0006kO-BU; Tue, 27 Apr 2010 10:18:14 -0600
Received: from 166-70-57-249.ip.xmission.com ([166.70.57.249] helo=fermat.rhmr.com) by mx01.mta.xmission.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <hilarie@purplestreak.com>) id 1O6nU7-0007DE-TT; Tue, 27 Apr 2010 10:18:13 -0600
Received: from fermat.rhmr.com (localhost [127.0.0.1]) by fermat.rhmr.com (8.14.3/8.14.3/Debian-9ubuntu1) with ESMTP id o3RGIDQe026945; Tue, 27 Apr 2010 10:18:13 -0600
Received: (from ho@localhost) by fermat.rhmr.com (8.14.3/8.14.3/Submit) id o3RGI9Fp026926; Tue, 27 Apr 2010 10:18:09 -0600
Date: Tue, 27 Apr 2010 10:18:09 -0600
Message-Id: <201004271618.o3RGI9Fp026926@fermat.rhmr.com>
X-Authentication-Warning: fermat.rhmr.com: ho set sender to hilarie using -f
From: "Hilarie Orman" <ho@alum.mit.edu>
To: secdir@ietf.org
X-XM-SPF: eid=; ; ; mid=; ; ; hst=mx01.mta.xmission.com; ; ; ip=166.70.57.249; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-DomainKey: sender_domain=alum.mit.edu; ; ; sender=ho@alum.mit.edu; ; ; status=error
X-SA-Exim-Connect-IP: 166.70.57.249
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa04 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: ;secdir@ietf.org
X-Spam-Relay-Country:
X-SA-Exim-Version: 4.2.1 (built Thu, 25 Oct 2007 00:26:12 +0000)
X-SA-Exim-Scanned: Yes (on mx01.mta.xmission.com)
Cc: phethmon@hethmon.com, robmcm@microsoft.com, iesg@ietf.org
Subject: [secdir] review of draft-hethmon-mcmurray-ftp-hosts-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Hilarie Orman <ho@alum.mit.edu>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Apr 2010 16:18:29 -0000

Security review of 
File Transfer Protocol HOST Command
draft-hethmon-mcmurray-ftp-hosts-11

Do not be alarmed.  I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors and
WG chairs should treat these comments just like any other last call
comments.

This protocol modification adds a command ("HOST") by which the client
designates a virtual host.  The server will then use an authentication
method suitable for that host, much as though a separate FTP server
were running for each virtual host.

There is a small area of concern surrounding the information
contained in the "HOST" command.  If the name of the virtual host is
sensitive information, then clients should protect it by using
encryption when first connecting to the server.  Although the
document anticipates host names as being publicly available DNS
names, that is not necessary, and some organizations will probably
use private names.

Hilarie