Date: Sun, 3 Apr 2005 15:40:16 +0200
From: "Devon H. O'Dell"
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Secure ftp Again
Message-ID: <20050403134016.GP92880@smp500.sitetronics.com>
User-Agent: Mutt/1.5.8i

On Sun, Apr 03, 2005 at 08:36:56AM -0500, Russ Cox wrote:
> > > If so, you need to change ftpfs/hget to pushtls after
> > > connecting:
> > >     TLSconn conn;
> > >     fd = dial(etc.);
> > >     memset(&conn, 0, sizeof conn);
> > >     fd = tlsClient(fd, &conn);
> > > instead of just calling dial.
> >
> > Shouldn't this be done by enhancing dial to understand a TLS
> > qualifier? How difficult would that be? I'm a lot better at trivial
> > changes, maybe I can figure my way around it if it makes sense.
>
> changing dial? no. writing a tlsdial?
> maybe, but it doesn't happen very often.
> what's more common is that you connect,
> talk plaintext for a little while, and then decide
> to start tls. i don't think there are enough
> instances yet to know what the common case is.
>
> russ

It seems to be pretty standard protocol to me. Exchange, verify,
encrypt. The original IETF draft is at
http://www.ford-hutchinson.com/~fh-1-pfh/draft-murray-auth-ftp-ssl-05.txt
and every current popular FTP client implements it, so there should be
plenty of source with a friendly license out there.

--Devon
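
The "connect, talk plaintext for a little while, then start tls" pattern from the quoted reply, as an added Python example that is not code from this thread or from ftpfs/hget: the client sends AUTH TLS and starts TLS only on a 234 reply (the AUTH exchange of FTP over TLS, RFC 4217), failing closed otherwise. The names `auth_tls`, `read_reply`, `UpgradeRefused` and `demo` are hypothetical, and the server replies are constructed for the example.

```python
import socket
import threading

class UpgradeRefused(Exception):
    """No 234 from the server: the caller must not continue in plaintext."""

def read_reply(rfile):
    """Read one FTP reply, following 'NNN-' continuation lines."""
    first = rfile.readline().decode("ascii", "replace").rstrip("\r\n")
    if len(first) < 3 or not first[:3].isdigit():
        raise UpgradeRefused("malformed reply: %r" % first)
    lines = [first]
    while first[3:4] == "-" and not lines[-1].startswith(first[:3] + " "):
        line = rfile.readline()
        if not line:
            raise UpgradeRefused("connection closed inside a reply")
        lines.append(line.decode("ascii", "replace").rstrip("\r\n"))
    return int(first[:3]), "\n".join(lines)

def auth_tls(sock, wrap):
    """Talk plaintext until the server answers 234, then hand sock to wrap()."""
    # Unbuffered: nothing past the reply line is consumed before TLS starts.
    with sock.makefile("rb", buffering=0) as rfile:
        code, text = read_reply(rfile)          # server greeting
        if code != 220:
            raise UpgradeRefused(text)
        sock.sendall(b"AUTH TLS\r\n")
        code, text = read_reply(rfile)
    if code != 234:                             # fail closed, no plaintext fallback
        raise UpgradeRefused(text)
    # Real use: wrap = lambda s: ctx.wrap_socket(s, server_hostname=host)
    return wrap(sock)

def demo(greeting, answer):
    """Run auth_tls against a constructed two-reply server on a socketpair."""
    client, server = socket.socketpair()
    seen = []
    def serve():
        server.sendall(greeting)
        seen.append(server.recv(64))            # the client's AUTH TLS command
        server.sendall(answer)
    t = threading.Thread(target=serve)
    t.start()
    try:
        return auth_tls(client, wrap=lambda s: "tls-started"), seen
    finally:
        client.close()
        t.join()
        server.close()
```

Calling `demo(b"220 ready\r\n", b"502 not implemented\r\n")` raises `UpgradeRefused` instead of carrying on without TLS, which is the behaviour that keeps a refused or stripped upgrade from silently exposing credentials.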