[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CERT advisory




> Since the command channel is flat ascii, one could extend the protocol
> with a pgp-password command, which would send the password encrypted in the
> server's public key.  Similarly one could use the sort of convention that
> the wu-ftpd does to request encrypted files... simply request file.pgp,
> just like you request file.z, file.gz, etc.

There is an Internet draft (draft-ietf-cat-ftpsec-03.txt) on ftp
encription and authentication extensions.  I dont recall if it
includes a public key method, but if not it would probably be easy
to incorporate.


brad