Re: telnetd vulnerability from BUGTRAQ
>
> I don't know what you imagine is "encrypted" in FTP, though, since that
> is not part of the specification or the standard implementations.
oh, not part of THIS: http://www.ietf.org/rfc/rfc2246.txt specification?
that is like, what, 5 years old?
Well, what about this:
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
and this:
http://www.faqs.org/ftp/internet-drafts/draft-murray-auth-ftp-ssl-13.txt
and this:
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html,
and this
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html#client
And this is fully supported by debian, we've got excellent client (lftp),
excelent server (proftpd) and funky server (wzdftpd), so there's something
for everyone.
I think noone uploaded tlswrap yet, although I've been using it with
success and on many platforms for ~2 years now.
I would suggest updating one's knowledge at least every ~5 years or so...
(it's easy for me to say, because i'm still learning, maybe people with
decades of IT experience find it more difficult to follow development of
standards)
--
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9
Reply to: