[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CERT advisory
> Since the command channel is flat ascii, one could extend the protocol
> with a pgp-password command, which would send the password encrypted in the
> server's public key. Similarly one could use the sort of convention that
> the wu-ftpd does to request encrypted files... simply request file.pgp,
> just like you request file.z, file.gz, etc.
There is an Internet draft (draft-ietf-cat-ftpsec-03.txt) on ftp
encription and authentication extensions. I dont recall if it
includes a public key method, but if not it would probably be easy
to incorporate.
brad