On 11/17/20 12:03 AM, Daniel Migault wrote:
Putting opex aside, it seems to me that modern communications need to be at least authenticated so ftp cannot stay as it is. I might be missing something, but switching ftp to https seems to me quite straight forward and at least much easier than switching to sftp or ftps. Given the support of https versus ftp, I also believe reducing the surface of attacks and relying on probably better maintained code is probably a good switch. I believe that switching to https is a good move
What I'm seeing are a lot of handwaving arguments and very little detail, and a lot of arguments of the form "it's quite straightforward for all clients to rewrite their code so we don't have to run a single additional server".
Sure, it's possible to use webdav instead of FTP, but I am not convinced that results in lower opex and it definitely requires significant changes on the part of clients.
By "authenticated" you're only talking about authenticating servers to clients. That's not useless but I'm not aware of significant efforts or likely efforts to substitute bogus RFC content for genuine RFC content.
Keith
