Date: Thu, 15 Mar 2001 11:45:09 -0700 (MST) From: Nate Williams <nate@yogotech.com> To: freebsd-arch@FreeBSD.ORG Cc: Brooks Davis <brooks@one-eyed-alien.net> Subject: Re: [PATCH] add a SITE MD5 command to ftpd Message-ID: <15025.3509.496206.784802@nomad.yogotech.com> In-Reply-To: <20010314185026.C7683@dragon.nuxi.com> References: <20010314084651.A23104@ringworld.oblivion.bg> <200103142342.QAA09233@usr08.primenet.com> <20010314161555.A4984@Odin.AC.HMC.Edu> <20010314185026.C7683@dragon.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I'm frankly, completly mystified by the various comments about this not > > being a security feature. Of course it's not. That's blindly obvious. > > I disagree it is blindly obvious. It wasn't to some I've talked to. > We've ended up associating a "security nature" to MD5. Thus when people > see that name, they make assumptions. > > > That's not the point. As long as it's an option I frankly don't see how > > it could possibly hurt things and I can't see any good reason why a > > reasonably implementation wouldn't spread if people started using > > clients that could take advantage of it. > > How?? are clients going to take advantage of it? For the majority of FTP > clients want to fetch the file, so why ask for an MD5 of it? To see if the file that they are looking for exists on the server? As someone pointed out already, the server may have an 'older' file, so there's no sense in downloading it unless the MD5's match. > Are you > thinking about checking the xfer was OK? That's the only use I can think > of. The other uses people have mentioned are very, very specific to a > single task done by the FreeBSD Project. The xfer would have been OK if the MD5 matched what the port listed. But, it would save a download. (A good example of files that never change their name are the named files). Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15025.3509.496206.784802>