From owner-freebsd-arch  Thu Mar 15 13:10:10 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by hub.freebsd.org (Postfix) with ESMTP id 2372D37B71D
	for <arch@FreeBSD.ORG>; Thu, 15 Mar 2001 13:10:04 -0800 (PST)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter (localhost [127.0.0.1])
	by critter.freebsd.dk (8.11.3/8.11.3) with ESMTP id f2FL9o101648;
	Thu, 15 Mar 2001 22:09:50 +0100 (CET)
	(envelope-from phk@critter.freebsd.dk)
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: jonathan@graehl.org, arch@FreeBSD.ORG
Subject: Re: ftpd SITE MD5 and "really bad links" 
In-Reply-To: Your message of "Thu, 15 Mar 2001 16:02:03 EST."
             <200103152102.QAA49281@khavrinen.lcs.mit.edu> 
Date: Thu, 15 Mar 2001 22:09:50 +0100
Message-ID: <1646.984690590@critter>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <200103152102.QAA49281@khavrinen.lcs.mit.edu>, Garrett Wollman write
s:
>In article <NCBBLOALCKKINBNNEDDLGEJBDMAA.jonathan@graehl.org> you write:
>
>>A digest of the file would be significantly more useful if the FTP
>>server had a site key
>
>Repeat after me: this is not, and is not intended to be, a security
>mechanism.
>
>There is already a security mechanism defined for FTP.

Me notes that at this point "SITE MD5" has safely entered the territory
of bikeshed building, but tries one last time to cut out in cardboard
what the proposal is:

	SITE MD5 filename [offset [length]]

This is meant as a way to optimize away a transfer which would be
pointless because the file has the wrong contents.

The optional offset and length arguments can be used by intelligent
mirroring software to save needless transfers for partially transfered
files.

It is *STILL* the clients responsibility to check the MD5 checksum
of the received file to verify that it got what it wanted to catch
servers which lie about the MD5 checksum, binary/ascii transfer
setting mistakes or even random transmission errors, NAT gateway
malfunctions or man-in-the-middle attacks.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message