"Michal Zalewski" <lcamtufat_private> wrote: > The problem with ftp is that it uses a separate data channel. You can > tunnel control channel over SSL with no problems, but you'll need some > transparent proxy or daemon code hacking to do both. Not that it can't be > done, but there is no standard way, AFAIK. It certainly looks reasonable enough in 2228 (thanks to Bojan for that - I didn't keep current with FTP security as I considered it an oxymoron :) From a web server/user point of view, it seems reasonable - HTTPd with SSL capability are accessed by web browsers with HTTPS. Web browsers also do HTTP and FTP - having a FTPS on the same SSL encryption terms would seem "cheaper" in many ways than having SSL for http but SSH for ftp, as it would allow the crypto code and Certs to be re-used for the fourth, symmetrically named protocol. SFTP is dirtier, mixing control and data into a single channel, which is good for firewalling and crypto (one channel to protect) but makes downloading multiple "threads" from a single server a higher-overhead function.
This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 11:16:28 PDT