Putting opex aside, it seems to me that modern communications need to be at least authenticated so ftp cannot stay as it is. I might be missing something, but switching ftp to https seems to me quite straight forward and at least much easier than switching to sftp or ftps. Given the support of https versus ftp, I also believe reducing the surface of attacks and relying on probably better maintained code is probably a good switch. I believe that switching to https is a good move
Yours,
Daniel
On Mon, Nov 16, 2020 at 5:16 PM Adam Roach <adam@xxxxxxxxxxx> wrote:
On 11/16/20 11:12, Keith Moore wrote:
> On 11/16/20 11:48 AM, Adam Roach wrote:
>
>> In the analysis, I think there are two costs to consider and one
>> benefit. The benefit of leaving it online, of course, is that some
>> small group of users still find utility in FTP.
>
> IMO that misstates the benefit. A stable service can have a large
> (and long-term) benefit even if only a few clients at a time use it.
Only read in a vacuum. If you read further, I argue for the stable
interfaces you want. I believe that your objections (here and elsewhere)
mentioning "user interface" conflate HTTP (transport) with HTML
(markup), and mixing user interface into the RFCs isn't a foregone
conclusion: the requirement you have of not mixing display in with
documents is why I suggest that raw versions be made available. And I
even argue for making the filesystem mountable like you requested, even
if I consider that use case to be a bit baroque.
I'm sympathetic to the position that all change can be disruptive, and I
understand that you know how FTP works and are comfortable with it. At
the same time, I'm not yet seeing any requirements that you've put forth
that can't be met pretty trivially with HTTP, other than an inferred
bedrock requirement of "this must not change at all."
I get it. It's annoying when a technology we like falls by the wayside.
But I think the costs I describe in my previous message are real, and
the use cases described so far can be entirely met with HTTP. So I think
a critical evaluation of the pros and cons points to retiring the
service. YMMV, of course, but I encourage you to reflect a bit more on
how much of your reaction is pushback on any change at all versus
actually losing the ability to do what you want to do.
/a
Daniel Migault
Ericsson
