ietf
[Top] [All Lists]

Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard

2010-05-12 14:02:13
On 5/12/10 9:38 AM, Joe Abley wrote:
On 2010-05-12, at 12:32, Paul Hoffman wrote:

The use of FTP dwarfs the use of SFTP by at least two orders of magnitude.
Sure.

To paraphrase my comment (or at least re-state it in a clearer way) from a 
protocol perspective, setting aside deficiencies in particular implementations, 
it seems more apropos to convey the message that FTP is inadequate in various 
ways, and to point towards some alternatives, than to imply (through the 
appearance of protocol maintenance) that FTP is alive and well and a good 
choice of protocol for new applications.
Agreed. Use of plain-text authentication, even with a pretext of restricting directory views, lacks merit. Most operating systems enforce directory access without dependence upon the access application. Suggestions, that in effect recommends FTP to maintain security, would be misleading especially with many outstanding exploits still found in clients and browsers.

-Doug
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf