From: Marcin Kaminski <maxiu@man.poznan.pl>
To: Maciej Soltysiak <solt@dns.toxicfilms.tv>
Cc: "Stuart J. Browne" <stuart@promed.com.au>, netfilter@lists.netfilter.org
Subject: RE: ftp and ssl
Date: Wed, 5 Nov 2003 11:10:03 +0100 (CET)
Message-ID: <Pine.GSO.4.44.0311051052530.22263-100000@rose.man.poznan.pl>
In-Reply-To: <Pine.LNX.4.51.0311051032570.8166@dns.toxicfilms.tv>

On Wed, 5 Nov 2003, Maciej Soltysiak wrote:

> > Isn't 443 SSL over HTTP? :)
> You can use SSL over anything.

Not quite. You can use almost anything over SSL, rather than the reverse.

> telnet over SSL is called ssh.

No, it is not. SSH is also based on SSL but it is not just telnet over
SSL. Telnet over SSL is telnet over SSL.

> > 	SSL FTP client (does anybody use this?)
> Sure, some people use this. (Not me, yet) It works like ftp or http -
> requires to exchange an x.509 certificate and then goes on with an encrypted
> connection.

And it can be used to encrypt only the control stream, or both the data and
control streams.

> I have not been using that ssl ftp, but I am sure it is not sftp, nor
> OpenSSH related.

And you are right :) I use the 'lftp' client to connect to SSL-protected FTP.

> > If using the latter however, given that the channel will be encrypted, I
> > don't see how this conntrack would work at all.
> If ftp-control is encrypted too, connection tracking is impossible.
> And doing rewriting over nat even more impossible.

I'm not sure if one can encrypt only ftp-data. In the 'lftp' configuration
there is an option to optionally encrypt ftp-data, and ftp-control is
always encrypted when using SSL.

The latest draft on the topic is at:
http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-12.txt

Regards
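
An added illustration, not part of the original message and not netfilter's code: a simplified model of what an FTP connection-tracking helper reads on the control channel, showing that it learns the data endpoint from a plaintext 227 reply but sees only opaque TLS records once the server accepts AUTH. It assumes one command or reply per segment and the AUTH command / 234 reply from the FTP-over-TLS specification; the sample sessions, addresses and function names are constructed.

```python
import re

# Address/port tuple used by PORT and by the 227 (PASV) reply: h1,h2,h3,h4,p1,p2
_TUPLE = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line: bytes):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    if not (line[:5].upper() == b"PORT " or line.startswith(b"227 ")):
        return None
    m = _TUPLE.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def track(control_stream):
    """Walk (direction, payload) segments the way a helper on the firewall would.

    Returns (expected data endpoints, True if the session switched to TLS).
    """
    expected, auth_sent, encrypted = [], False, False
    for direction, payload in control_stream:
        if encrypted:
            continue  # only TLS records from here on; nothing to parse
        if direction == "c2s" and payload.upper().startswith(b"AUTH "):
            auth_sent = True
        elif direction == "s2c" and auth_sent and payload.startswith(b"234"):
            encrypted = True
        else:
            ep = data_endpoint(payload)
            if ep:
                expected.append(ep)
    return expected, encrypted

# Constructed sample sessions (addresses are from a documentation range).
PLAIN = [
    ("s2c", b"220 ready\r\n"),
    ("c2s", b"USER demo\r\n"),
    ("c2s", b"PASV\r\n"),
    ("s2c", b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"),
]
TLS = [
    ("s2c", b"220 ready\r\n"),
    ("c2s", b"AUTH TLS\r\n"),
    ("s2c", b"234 AUTH TLS successful\r\n"),
    ("c2s", b"\x16\x03\x01\x00\x05hello"),         # constructed handshake record
    ("s2c", b"\x17\x03\x01\x00\x10" + bytes(16)),  # a PASV reply would be in here
]
```

The plaintext AUTH/234 exchange is the last thing a firewall can read, so it is the point at which a filter can log that data-connection tracking will not be available for the session.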


