Article: 14052 of comp.protocols.kermit.misc
Path: newsmaster.cc.columbia.edu!phl-feed.news.verio.net!iad-feed.news.verio.net!iad-peer.news.verio.net!news.verio.net!news.maxwell.syr.edu!newsfeed1.cidera.com!Cidera!cyclone.rdc-nyc.rr.com!news-out.nyc.rr.com!twister.nyc.rr.com.POSTED!not-for-mail
From: "Jeffrey Altman [Road Runner NYC]" <jaltman2@nyc.rr.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: comp.sys.hp.apps,comp.protocols.kermit.misc,comp.sys.hp.hpux
Subject: Re: Secure ftp using SSL.
References: <b16col$mb0$1@news2.pharma.com> <b1927j$d9l$1@watsol.cc.columbia.edu> <NrVZ9.54$tR1.14@news.cpqcorp.net> <gCZZ9.89$652.47@news.cpqcorp.net> <b19qcc$i0c$1@newsmaster.cc.columbia.edu> <SP_Z9.93$Qc2.64@news.cpqcorp.net> <e95b1b.tr8.ln@Lonmay.wew.co.uk>
In-Reply-To: <e95b1b.tr8.ln@Lonmay.wew.co.uk>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 44
Message-ID: <_Dq_9.4148$Of4.1143268@twister.nyc.rr.com>
Date: Fri, 31 Jan 2003 08:40:26 GMT
NNTP-Posting-Host: 66.108.138.151
X-Complaints-To: abuse@rr.com
X-Trace: twister.nyc.rr.com 1044002426 66.108.138.151 (Fri, 31 Jan 2003 03:40:26 EST)
NNTP-Posting-Date: Fri, 31 Jan 2003 03:40:26 EST
Organization: Road Runner - NYC
Xref: newsmaster.cc.columbia.edu comp.sys.hp.apps:15011 comp.protocols.kermit.misc:14052 comp.sys.hp.hpux:154684
Colin M wrote:
> "Rick Jones" <foo@bar.baz.invalid> wrote in message
> news:SP_Z9.93$Qc2.64@news.cpqcorp.net...
>
> Given FTP's peculiarities SSL encapsulation has not been a big hit. I'd
> recommend you make sure this is your only option as opposed to HTTPS /
> SSL-nfs / SSL-SMB / scp
>
> Colin

As with everything else one needs to understand what you mean by a "big
hit". The only reason that TLS secured FTP is not considered a "big
hit" by the masses is because it is not implemented in your browser. It
is not implemented in the browser because anonymous FTP sites do not
need to be secure for downloading; and browsers do not (in general)
support uploading via FTP.

Secure FTP clients and servers utilize managed authentication
mechanisms. Whether the identity of the client and server are verified
via a GSSAPI method such as Kerberos or X.509 certs (SSL/TLS), the
management of the credentials must be performed. Therefore, secure FTP
servers have only been deployed in those environments in which there is
a pre-existing managed infrastructure.

The commercial and government systems that have deployed secure FTP are
quite large. There are a number of open source implementations for Unix
supported by Peter Runestig that integrate SSL/TLS into BSD FTP/FTPD and
ProFTPD. C-Kermit is a client that supports SRP, GSSAPI Kerberos V,
Kerberos IV, and SSL/TLS. Linux, OpenBSD, and NetBSD all include
SSL/TLS secured ProFTPD out of the box.

For Windows there are many commercial implementations including
WFTPD-PRO from Texas Imperial Software. Kermit 95 is available as a
client as well as several other competing implementations.

Since you use the term "encapsulation" let me point out that FTP
Security does not use "encapsulation" of the protocol streams (command
and data) but instead integrates SSL/TLS, GSSAPI, etc. into the protocol
streams. When you use a PRIVATE session in FTP your communication over
the command and data channels is both authenticated and encrypted.
There is no attempt to wrap the communications within something else.
What you are most likely thinking about are folks who try to protect FTP
communication by tunneling it across SSH sessions.
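
Added example, not part of the original post: a small Python audit of a client-side FTP control-channel log that checks the two things a PRIVATE session depends on when the mechanism is TLS, namely that `AUTH TLS` succeeded (reply 234) before `USER`/`PASS` were sent and that `PROT P` succeeded (reply 200) before any transfer command. The `C: `/`S: ` log format, the function name and all sample sessions are constructed assumptions; GSSAPI-protected sessions are not covered.

```python
# Added example: audits a constructed client-side FTP control-channel log.
# The "C: "/"S: " line format and every sample session below are assumptions.
DATA_CMDS = {"RETR", "STOR", "STOU", "APPE", "LIST", "NLST"}  # open a data connection

def audit_ftp_session(lines):
    """Return findings for credentials or transfers sent without protection."""
    findings = []
    tls_on = False   # control channel protected once AUTH TLS gets a 234 reply
    prot = "C"       # data channel starts Clear; only a successful PROT changes it
    pending = None   # last client command still waiting for its final reply
    for raw in lines:
        side, _, text = raw.partition(": ")
        parts = text.split()
        if not parts:
            continue
        if side == "C":
            verb = parts[0].upper()
            arg = parts[1].upper() if len(parts) > 1 else ""
            pending = (verb, arg)
            if verb in ("USER", "PASS") and not tls_on:
                findings.append(f"{verb} sent before AUTH TLS completed")
            elif verb in DATA_CMDS and prot != "P":
                findings.append(f"{verb} with data channel at PROT {prot}")
        elif side == "S" and pending and text[3:4] != "-":  # skip "230-" continuation lines
            verb, arg = pending
            if (verb, arg) == ("AUTH", "TLS") and text.startswith("234"):
                tls_on = True
            elif verb == "PROT" and text.startswith("200"):
                prot = arg
            pending = None
    return findings

# Constructed sample sessions (not captured traffic).
TLS_OK = ["C: AUTH TLS", "S: 234 Proceed with negotiation"]
LOGIN = ["C: USER alice", "S: 331 Password required", "C: PASS ****", "S: 230 Logged in"]
PRIVATE_SESSION = TLS_OK + LOGIN + ["C: PBSZ 0", "S: 200 OK", "C: PROT P", "S: 200 OK",
                                    "C: RETR report.txt", "S: 150 Opening", "S: 226 Done"]
CLEAR_DATA_SESSION = TLS_OK + LOGIN + ["C: STOR payroll.csv", "S: 150 Opening", "S: 226 Done"]
REFUSED_SESSION = ["C: AUTH TLS", "S: 504 Unknown mechanism"] + LOGIN

if __name__ == "__main__":
    for name in ("PRIVATE_SESSION", "CLEAR_DATA_SESSION", "REFUSED_SESSION"):
        print(name, audit_ftp_session(globals()[name]) or "no findings")
```

The second session shows the case that is easy to miss: the command channel is protected, but without `PROT P` the file itself still crosses the data channel in the clear.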