Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
On 5/12/10 9:34 PM, John C Klensin wrote: Doug, Let's separate two issues. One is whether or not this particular proposal, with or without RFC 4217 (an existing Proposed Standard), is appropriate. If it is not, or cannot exist in harmony with 4217, then it reinforces my view that it should not be put on the Standards Track without a more comprehensive examination in the context of existing FTP work and proposals. This draft describes server side validations, while leaving open host name compliance with x.509 distinguished names, and limits input to Puny-code rather than UTF-8 as specified by RFC3280. Should people be expected to input ACE-labels or make UTF-8/ACE-label conversions in both directions? In addition, there remains many insecure implementations of FTP without also introducing these changes. Use of FTPS, as suggested, is not normally part of any pre-configured FTP offering. FTP also remains problematic as implemented in many browsers, where of course this proposed virtual host FTP is likely attractive. Section 3.1 states: .--- [The HOST input] should normally be the same host name that was used to obtain the IP address to which the FTP control connection was made, after any client conversions have been completed that convert an abbreviated or local alias to a complete (fully qualified) domain name, but before resolving a DNS alias (owner of a CNAME resource record) to its canonical name. Internationalization of domain names is only supported through the use of Puny-code as described in RFC3492. '--- Does this meet a reasonable expectations for IDN support? Many local name services do not use Puny-code, but use of UTF-8 instead. The other is whether we should proceed with any FTP work at all. Especially in the context of 4217 (you were aware of that when you wrote your comments, weren't you), I find your remarks completely unpersuasive. One could reasonably argue that it is time to establish a SASL binding for FTP (maybe it is; a WG could figure that out), but I think it is hard to argue that FTP generally is any worse from an authentication, authorization, or privacy standpoint than any other protocol that we've protected by running it over an encrypted tunnel. YMMD, of course. The scant coverage of client related compliance suggests there is little interest in seeing security improved. The crude introduction of host names makes security related efforts more difficult to resolve. In the meantime, FTP continues to represent a security hazard, despite IETF's efforts. This draft, in its current form, is unlikely to bring a positive change in security. As such, it seems right to discourage changes that might interfere with efforts at achieving better implementations. I share others doubts that further efforts such as this will lead to improve security, but instead lend false impressions. -Doug ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
--On Wednesday, 12 May, 2010 16:04 -0700 Douglas Otis wrote: >... > In this case, the IETF should say "Use something more secure." > The proposed enhancement combines multiple host's credentials > to avoid transparent techniques that could offer network > isolation as well. Your concern would be valid when there is > also a commensurate effort at improving security. > Unfortunately, the opposite is true. Doug, Let's separate two issues. One is whether or not this particular proposal, with or without RFC 4217 (an existing Proposed Standard), is appropriate. If it is not, or cannot exist in harmony with 4217, then it reinforces my view that it should not be put on the Standards Track without a more comprehensive examination in the context of existing FTP work and proposals. The other is whether we should proceed with any FTP work at all. Especially in the context of 4217 (you were aware of that when you wrote your comments, weren't you), I find your remarks completely unpersuasive. One could reasonably argue that it is time to establish a SASL binding for FTP (maybe it is; a WG could figure that out), but I think it is hard to argue that FTP generally is any worse from an authentication, authorization, or privacy standpoint than any other protocol that we've protected by running it over an encrypted tunnel. YMMD, of course. john ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
On 5/12/10 2:39 PM, John C Klensin wrote: Others may disagree, but our success record when we tell people not to do something that works well for them and, in their opinion, poses no risks, is terrible. All saying "FTP is dead, go use something else" can accomplish is to drive the work away from the IETF. In this case, the IETF should say "Use something more secure." The proposed enhancement combines multiple host's credentials to avoid transparent techniques that could offer network isolation as well. Your concern would be valid when there is also a commensurate effort at improving security. Unfortunately, the opposite is true. -Doug ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
--On Wednesday, 12 May, 2010 17:12 +0100 Alexey Melnikov wrote: >... > Barry/John, > You already know that I am waiting for the FTP BOF proposal > for Maastricht. > I can delay asking IESG to review this document till after the > BOF, but if there is no BOF or nothing comes out of it, I > don't think it is fair to delay the document just because > something can be done better in a WG. > > Alexey, as the sponsoring Apps AD. Alexey, While I'd like to see a BOF too, and I suppose that Barry and I could get a proposal together, I think you and the IESG should look at this in a different way. As Paul Hoffman pointed out, there is a large community of FTP users out there. There are even multiple people, in multiple organizations, who spend significant time working on code for it. However, while several of them have been willing to write individual submission drafts, they have not been willing to show up at the IETF and do work, with each other, to get this standardized. For the record, while I agree with Paul, I'd also suggest that, even if the relevant community were much smaller, it would be worthwhile to develop a coordinated effort to design and evaluate FTP modification proposals if only to ensure continued interoperability. Others may disagree, but our success record when we tell people not to do something that works well for them and, in their opinion, poses no risks, is terrible. All saying "FTP is dead, go use something else" can accomplish is to drive the work away from the IETF. That increases the risk of interoperability problems if those who are interested don't find another forum. If they do find another forum, it could strengthen some body who would like to eat our lunch in other areas, areas that we have not chosen to discard. However, my view is that there is not, and should not be, meaningful community consensus for putting any (or all) of these proposals on the Standards Track unless a coordinated effort is possible. If someone from the relevant community needs help putting a BOF proposal together, I'd be happy to help. But, absent signs of willingness, within that community, to participate actively and take leadership roles, I don't see a BOF as being helpful. It might just confirm that there is a problem (which we know) and that no one is actually willing to work together rather than writing individual proposals. So my answer would be that considering these documents in an uncoordinated way as individual submissions is a bad idea. The alternative to a WG (or some coordination alternative) should not be "well then, we have to process and approve the individual submissions". It should be "if the FTP community can't organize itself sufficiently, even with offers of help, to put a WG (or other coordination process) together, then IETF review and value-added is almost meaningless". If that were to be the case, those involved should revise their documents into, e.g., "Paul's and Robert's clever idea for an FTP extension for virtual hosts", publish them as Informational, enter the relevant bits into the registry, and move on. I'd also suggest that those who don't like FTP and think we should do no more work on it should not be complaining about this draft, or others, but should be writing an I-D explaining their case. If they can get enough consensus to get that explanation published as a BCP or standards-track document moving FTP to Historic, so be it (although I'd be surprised). If not and their arguments are well-reasoned and documented, I assume that the ISE would be as welcoming to their contribution as he would be to well-written protocol descriptions of existing practices or strongly-motivated proposals. I think keeping these documents off standards track because there isn't a critical mass of designers and developers willing to do work would be a sad outcome. However, unless the community of folks proposing these extensions are willing to come forward and start working with each other in a coordinated and consensus-establishing way, I think it is by far the better outcome than more uncoordinated and mutually underdesigned standards-track extensions. best, john p.s. I've been trying to avoid saying "a protocol-developing WG is the only way" although it is certainly my first preference. Maybe an FTP-specific review team that would contain at least some appointed experts and that worked entirely by correspondence would be adequate. Maybe we could do something intense in a meeting or two to lay out design principles against which the individual submissions could then be evaluated. Maybe you or others can come up with some other idea, even if it were radical enough to require a 3933 experiment proposal first. But I think that anything that goes on the standard track has to reflect IETF value-added and some reasonable level of informed IETF consensus that the idea is a good one, both individually and in context. And, right now, this document doesn't meet those
Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
On 5/12/10 9:38 AM, Joe Abley wrote: On 2010-05-12, at 12:32, Paul Hoffman wrote: The use of FTP dwarfs the use of SFTP by at least two orders of magnitude. Sure. To paraphrase my comment (or at least re-state it in a clearer way) from a protocol perspective, setting aside deficiencies in particular implementations, it seems more apropos to convey the message that FTP is inadequate in various ways, and to point towards some alternatives, than to imply (through the appearance of protocol maintenance) that FTP is alive and well and a good choice of protocol for new applications. Agreed. Use of plain-text authentication, even with a pretext of restricting directory views, lacks merit. Most operating systems enforce directory access without dependence upon the access application. Suggestions, that in effect recommends FTP to maintain security, would be misleading especially with many outstanding exploits still found in clients and browsers. -Doug ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
On Wed, 12 May 2010, Joe Abley wrote: I'm actually slightly surprised that anybody is considering enhancements to FTP in 2010. I would have thought that given standardised alternatives which are kinder to firewalls and more secure the logical next step would be to publish guidance that advises against using FTP, outlines the reasons why, and points people towards more suitable protocols. Unless I'm missing some use-case where FTP is actually superior to (say) HTTP, or SSH/SFTP? Agreed. It is irresponsible to patch up the ftp protocol to enhance its life span. Paul ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
On 2010-05-12, at 12:32, Paul Hoffman wrote: > The use of FTP dwarfs the use of SFTP by at least two orders of magnitude. Sure. To paraphrase my comment (or at least re-state it in a clearer way) from a protocol perspective, setting aside deficiencies in particular implementations, it seems more apropos to convey the message that FTP is inadequate in various ways, and to point towards some alternatives, than to imply (through the appearance of protocol maintenance) that FTP is alive and well and a good choice of protocol for new applications. Joe ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
At 11:44 AM -0400 5/12/10, Joe Abley wrote: >On 2010-05-12, at 09:28, Barry Leiba wrote: > >> It would be a mistake to build a further array of individual, >> uncoordinated extensions to FTP. > >I'm actually slightly surprised that anybody is considering enhancements to >FTP in 2010. > >I would have thought that given standardised alternatives which are kinder to >firewalls and more secure the logical next step would be to publish guidance >that advises against using FTP, outlines the reasons why, and points people >towards more suitable protocols. Unless I'm missing some use-case where FTP is >actually superior to (say) HTTP, or SSH/SFTP? The use of FTP dwarfs the use of SFTP by at least two orders of magnitude. Further, and more troubling, is that there are few if any SFTP servers that have the same access properties as those common in most FTP servers, namely that the user who connects can *only* see the contents of the home directory and below. (Yes, you can sometimes set up SSH/SFTP with this restriction; doing so is still cumbersome and not well supported on many OSs.) The use case for FTP remains "password protected access to a limited set of files where eavesdropping on the password or transferred file contents will not cause much damage". As SFTP implementations mature, we might consider suggesting moving away from FTP, but probably not before then. --Paul Hoffman, Director --VPN Consortium ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
Barry Leiba wrote: --On Monday, 12 April, 2010 12:44 -0700 The IESG wrote: The IESG has received a request from an individual submitter to consider the following document: - 'File Transfer Protocol HOST Command ' as a Proposed Standard I agree with John Klensin's comments, and especially want to call out this part: On Mon, May 10, 2010 at 11:22 AM, John C Klensin wrote: Those decisions should not -- cannot -- be made by processing one command extension at a time, with each one reflecting the taste and assumptions of its authors in different ways. It seems to me that we need a WG or some other mechanism for establishing and determining community consensus around basic design principles for FTP extensions. If the IESG then wants to process individual extensions as individual submissions, that would be fine, but let's first at least establish a framework for evaluating them. It would be a mistake to build a further array of individual, uncoordinated extensions to FTP. As with the establishment of the imapext, sieve, and morg working groups, when the IETF has seen a collection or succession of proposals aimed at extending a protocol, it has opted to charter a working group to coordinate those proposals, winnow them, and establish community consensus on which to standardize, and how. It should do that here, as well. Barry/John, You already know that I am waiting for the FTP BOF proposal for Maastricht. I can delay asking IESG to review this document till after the BOF, but if there is no BOF or nothing comes out of it, I don't think it is fair to delay the document just because something can be done better in a WG. Alexey, as the sponsoring Apps AD. ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
On 2010-05-12, at 09:28, Barry Leiba wrote: > It would be a mistake to build a further array of individual, > uncoordinated extensions to FTP. I'm actually slightly surprised that anybody is considering enhancements to FTP in 2010. I would have thought that given standardised alternatives which are kinder to firewalls and more secure the logical next step would be to publish guidance that advises against using FTP, outlines the reasons why, and points people towards more suitable protocols. Unless I'm missing some use-case where FTP is actually superior to (say) HTTP, or SSH/SFTP? Joe ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
> --On Monday, 12 April, 2010 12:44 -0700 The IESG > wrote: > >> The IESG has received a request from an individual submitter >> to consider the following document: >> >> - 'File Transfer Protocol HOST Command ' >> as a Proposed >> Standard I agree with John Klensin's comments, and especially want to call out this part: On Mon, May 10, 2010 at 11:22 AM, John C Klensin wrote: > Those decisions should not -- cannot -- be > made by processing one command extension at a time, with each > one reflecting the taste and assumptions of its authors in > different ways. > > It seems to me that we need a WG or some other mechanism for > establishing and determining community consensus around basic > design principles for FTP extensions. If the IESG then wants > to process individual extensions as individual submissions, > that would be fine, but let's first at least establish a > framework for evaluating them. It would be a mistake to build a further array of individual, uncoordinated extensions to FTP. As with the establishment of the imapext, sieve, and morg working groups, when the IETF has seen a collection or succession of proposals aimed at extending a protocol, it has opted to charter a working group to coordinate those proposals, winnow them, and establish community consensus on which to standardize, and how. It should do that here, as well. Barry Leiba ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
Re: Last Call: draft-hethmon-mcmurray-ftp-hosts (File Transfer Protocol HOST Command) to Proposed Standard
--On Monday, 12 April, 2010 12:44 -0700 The IESG wrote: > The IESG has received a request from an individual submitter > to consider the following document: > > - 'File Transfer Protocol HOST Command ' > as a Proposed > Standard >... IESG, This draft is much improved from prior versions, and the explanations of why adding a new, pre-authentication, command is needed are appreciated. There are other possibilities, however, that do not increase the number of turnarounds or add to the complexity of the command. For example, one could either create some syntax within the USER command if the extension were advertised so that one would have USER userid virtual-host-id PASS ... ACCT ... (possibly with some other delimiter) or one could, with such an option, replace USER entirely, e.g., UHST userid virtual-host-id etc. This leads to a more general point, which I think is the main issue with this and the other FTP proposals that are at various points in the pipe. FTP is our oldest applications protocol that is still in active use. It was rather carefully designed. It is not HTTP and retrofitting HTTP syntax and concepts into it is not obviously the right thing to do. If we are going to start adding features to FTP, it seems to me that we need a strategy and to make design decisions: lots of little commands with four-letter names and single-token syntax versus a smaller number of more complex commands versus extending (or, in the words of the authors, "overloading") existing commands. Those decisions should not -- cannot -- be made by processing one command extension at a time, with each one reflecting the taste and assumptions of its authors in different ways. It seems to me that we need a WG or some other mechanism for establishing and determining community consensus around basic design principles for FTP extensions. If the IESG then wants to process individual extensions as individual submissions, that would be fine, but let's first at least establish a framework for evaluating them. thanks, john ___ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf