At 11:44 AM -0400 5/12/10, Joe Abley wrote: >On 2010-05-12, at 09:28, Barry Leiba wrote: > >> It would be a mistake to build a further array of individual, >> uncoordinated extensions to FTP. > >I'm actually slightly surprised that anybody is considering enhancements to FTP in 2010. > >I would have thought that given standardised alternatives which are kinder to firewalls and more secure the logical next step would be to publish guidance that advises against using FTP, outlines the reasons why, and points people towards more suitable protocols. Unless I'm missing some use-case where FTP is actually superior to (say) HTTP, or SSH/SFTP? The use of FTP dwarfs the use of SFTP by at least two orders of magnitude. Further, and more troubling, is that there are few if any SFTP servers that have the same access properties as those common in most FTP servers, namely that the user who connects can *only* see the contents of the home directory and below. (Yes, you can sometimes set up SSH/SFTP with this restriction; doing so is still cumbersome and not well supported on many OSs.) The use case for FTP remains "password protected access to a limited set of files where eavesdropping on the password or transferred file contents will not cause much damage". As SFTP implementations mature, we might consider suggesting moving away from FTP, but probably not before then. --Paul Hoffman, Director --VPN Consortium _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf