Securing FTP with TLS
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: Internet Architecture Board <firstname.lastname@example.org>, RFC Editor <email@example.com> Subject: Protocol Action: 'Securing FTP with TLS' to Proposed Standard The IESG has approved the following document: - 'Securing FTP with TLS ' <draft-murray-auth-ftp-ssl-17.txt> as a Proposed Standard This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Ted Hardie. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-17.txt
Technical Summary This document describes a mechanism that can be used by FTP clients and servers to implement security and authentication using the TLS protocol defined by RFC 2246 and the extensions to the FTP protocol defined by RFC-2228. It describes the subset of the extensions which are required and the parameters to be used. It discusses some of the policy issues that clients and servers will need to take. It also considers some of the implications of those policies and discusses some expected implementation behavior. Working Group Summary This document is an individual submission. Its authors argue that, though TLS is not the only mechanism for securing file transfer, it provides good flexibility, is associated with known key management tools, and will be familiar to implementors because of its use in HTTPS and SMTP. A concern raised during community review was the appropriateness of using TLS in a two channel protocol like FTP; the authors believe that the document adequately describes how to tie the two channels together and why this is required. Protocol Quality This document was reviewed for the IESG by Ted Hardie. An earlier version was reviewed by Eric Rescorla.