RFC 2228 (rfc2228) - Page 2 of 27


FTP Security Extensions



Alternative Format: Original Text Document



RFC 2228                FTP Security Extensions             October 1997


1.  Introduction

   The File Transfer Protocol (FTP) currently defined in STD 9, RFC 959
   and in place on the Internet uses usernames and passwords passed in
   cleartext to authenticate clients to servers (via the USER and PASS
   commands).  Except for services such as "anonymous" FTP archives,
   this represents a security risk whereby passwords can be stolen
   through monitoring of local and wide-area networks.  This either aids
   potential attackers through password exposure and/or limits
   accessibility of files by FTP servers who cannot or will not accept
   the inherent security risks.

   Aside from the problem of authenticating users in a secure manner,
   there is also the problem of authenticating servers, protecting
   sensitive data and/or verifying its integrity.  An attacker may be
   able to access valuable or sensitive data merely by monitoring a
   network, or through active means may be able to delete or modify the
   data being transferred so as to corrupt its integrity.  An active
   attacker may also initiate spurious file transfers to and from a site
   of the attacker's choice, and may invoke other commands on the
   server.  FTP does not currently have any provision for the encryption
   or verification of the authenticity of commands, replies, or
   transferred data.  Note that these security services have value even
   to anonymous file access.

   Current practice for sending files securely is generally either:

      1.  via FTP of files pre-encrypted under keys which are manually
          distributed,

      2.  via electronic mail containing an encoding of a file encrypted
          under keys which are manually distributed,

      3.  via a PEM message, or

      4.  via the rcp command enhanced to use Kerberos.

   None of these means could be considered even a de facto standard, and
   none are truly interactive.  A need exists to securely transfer files
   using FTP in a secure manner which is supported within the FTP
   protocol in a consistent manner and which takes advantage of existing
   security infrastructure and technology.  Extensions are necessary to
   the FTP specification if these security services are to be introduced
   into the protocol in an interoperable way.







Horowitz & Lunt             Standards Track