Personal views - no hats. Time to retire the FTP service, just as other legacy protocols have been retired in the past. The IETF does not shy away from recommending that others encrypt everything, so we should take our own advice. As well, data clearly show there remains essentially no demand for FTP - users have adopted the HTTPS alternative. More detailed rationale: - Clearly the market has moved on. It does not cross the cost/benefit threshold to continue maintaining a service for so few connections (that all appear to be scripted machine-to-machine). - FTP support has been removed from browser clients. As Mozilla wrote, "FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources." - It is not encrypted. The IETF & IAB have been aggressive in pushing for pervasive encryption [1] so it is illogical that we would not make such a change on our own information resources. Per the IAB, "The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic." [1] https://mailarchive.ietf.org/arch/msg/ietf-announce/ObCNmWcsFPNTIdMX5fmbuJoKFR8/ - Jason
