On Monday, 2017-01-30, 08:26:10, solitone wrote: > On Monday, January 30, 2017 7:58:10 AM CET Volker Wysk wrote: > > Am Montag, 30. Januar 2017, 06:42:08 CET schrieb solitone: > > > Hi, is there a reason why FTP with SSL/TSL (ftps://) has not been > > > implemented in Dolphin? > > > > Shouldn't that bee "sftp://";? > > No, that is FTP over SSH, not FTP with SSL/TLS. Actually that is SFTP, a different protocol, but of course you are right that it is not FTPS. Regarding your original question my guess would be that SFTP is just better and easier to implement because it is newer and specifically addressing the single secure connection model. FTP is a very old and weird protocol, basically requiring two connections, one from the client to the server (control) and one from the server to the client (data). There have been extensions to have the client open both connections as reverse connections are usually blocked by firewalls, but there are still two of them. SSL can only secure individual connections, so the data on each connection is secure but there is no safe way to related those two connections to each other, opening up possibilities for timing related attacks, etc. Are you working with a specific host that can't do SFTP or SSH at all? Cheers, Kevin -- Kevin Krammer, KDE developer, xdg-utils developer KDE user support, developer mentoring
Attachment:
signature.asc
Description: This is a digitally signed message part.
