From owner-freebsd-security@freebsd.org  Wed Sep 14 18:07:53 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 92B74BD55AF
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Wed, 14 Sep 2016 18:07:53 +0000 (UTC)
 (envelope-from beebe@math.utah.edu)
Received: from mail.math.utah.edu (mail.math.utah.edu [155.101.98.135])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.math.utah.edu", Issuer "InCommon RSA Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 6B1D71EFE;
 Wed, 14 Sep 2016 18:07:53 +0000 (UTC)
 (envelope-from beebe@math.utah.edu)
Received: from gamma.math.utah.edu (gamma.math.utah.edu [155.101.96.20])
 by mail.math.utah.edu (8.14.8/8.14.8) with ESMTP id u8EHXVM6026765;
 Wed, 14 Sep 2016 11:33:36 -0600 (MDT)
Received: from gamma.math.utah.edu (localhost [127.0.0.1])
 by gamma.math.utah.edu (8.15.1/8.15.1) with ESMTP id u8EHXVPt131707;
 Wed, 14 Sep 2016 11:33:31 -0600
Received: (from beebe@localhost)
 by gamma.math.utah.edu (8.15.1/8.15.1/Submit) id u8EHXVJk131706;
 Wed, 14 Sep 2016 11:33:31 -0600
Date: Wed, 14 Sep 2016 11:33:31 -0600
From: "Nelson H. F. Beebe" <beebe@math.utah.edu>
To: Matthew Seaman <matthew@FreeBSD.org>
Cc: beebe@math.utah.edu, freebsd-security@freebsd.org
X-US-Mail: "Department of Mathematics, 110 LCB, University of Utah, 155 S
 1400 E RM 233, Salt Lake City, UT 84112-0090, USA"
X-Telephone: +1 801 581 5254
X-FAX: +1 801 581 4148
X-URL: http://www.math.utah.edu/~beebe
Subject: Re: ftpd leaks info which might be useful to an attacker
In-Reply-To: <1333775a-3398-ab93-66fe-6c381eb5c428@FreeBSD.org>
Message-ID: <CMM.0.95.0.1473874411.beebe@gamma.math.utah.edu>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.3.8
 (mail.math.utah.edu [155.101.98.135]); Wed, 14 Sep 2016 11:33:36 -0600 (MDT)
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Sep 2016 18:07:53 -0000

Matthew Seaman <matthew@FreeBSD.org> writes today:

>> About the only useful way to use FTP any more is for anonymous read-only
>> access to download stuff from an archive -- and in that use case, a web
>> server is generally a much better choice.  FTP as a protocol is archaic
>> and needs to die.

I agree with the first point (up to the dash), but strongly disagree
with the second: FTP provides directory listing capability, whereas
HTTP does not.  I use "dir -tr" in FTP connections quite frequently,
and I find the timestamps in the directory listings critical
information that is routinely lost at many HTTP-only sites.

-------------------------------------------------------------------------------
- Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
- University of Utah                    FAX: +1 801 581 4148                  -
- Department of Mathematics, 110 LCB    Internet e-mail: beebe@math.utah.edu  -
- 155 S 1400 E RM 233                       beebe@acm.org  beebe@computer.org -
- Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------