idnits 2.17.1 draft-hoffman-ftp-uri-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1.a on line 16. -- Found old boilerplate from RFC 3978, Section 5.5 on line 234. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 211. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 218. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 224. ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure Acknowledgement. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate instead of verbatim RFC 3978 boilerplate. After 6 May 2005, submission of drafts without verbatim RFC 3978 boilerplate is not accepted. The following non-3978 patterns matched text found in the document. That text should be removed or replaced: This document is an Internet-Draft and is subject to all provisions of Section 3 of RFC 3667. By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 2005) is 7041 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Obsolete informational reference (is this intentional?): RFC 1738 (Obsoleted by RFC 4248, RFC 4266) -- Obsolete informational reference (is this intentional?): RFC 2396 (Obsoleted by RFC 3986) -- No information found for draft-fielding-uri-rfc2396bis-nn - is the name correct? Summary: 6 errors (**), 0 flaws (~~), 2 warnings (==), 10 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group P. Hoffman 3 Internet-Draft VPN Consortium 4 Expires: July 2, 2005 January 2005 6 The ftp URI Scheme 7 draft-hoffman-ftp-uri-04.txt 9 Status of this Memo 11 This document is an Internet-Draft and is subject to all provisions 12 of section 3 of RFC 3667. By submitting this Internet-Draft, each 13 author represents that any applicable patent or other IPR claims of 14 which he or she is aware have been or will be disclosed, and any of 15 which he or she become aware will be disclosed, in accordance with 16 RFC 3668. 18 Internet-Drafts are working documents of the Internet Engineering 19 Task Force (IETF), its areas, and its working groups. Note that 20 other groups may also distribute working documents as 21 Internet-Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six months 24 and may be updated, replaced, or obsoleted by other documents at any 25 time. It is inappropriate to use Internet-Drafts as reference 26 material or to cite them other than as "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/ietf/1id-abstracts.txt. 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html. 34 This Internet-Draft will expire on July 2, 2005. 36 Copyright Notice 38 Copyright (C) The Internet Society (2005). 40 Abstract 42 This document specifies the ftp Uniform Resource Identifier (URI) 43 scheme that was originally specified in RFC 1738. The purpose of 44 this document is to allow RFC 1738 to be made obsolete while keeping 45 the information about the scheme on standards track. 47 1. Introduction 49 URIs were previously defined in RFC 2396 [RFC2396], which was updated 50 by draft-fielding-uri-rfc2396bis [2396bis]. Those documents also 51 specify how to define schemes for URIs. 53 The first definition for many URI schemes appeared in RFC 1738 54 [RFC1738]. Because that document has been made obsolete, this 55 document copies the ftp URI scheme from it to allow that material to 56 remain on standards track. 58 Note that the file: and ftp: URIs are not the same, even when the 59 target of the ftp: URI is the local host. 61 2. Scheme Definition 63 The FTP URL scheme is used to designate files and directories on 64 Internet hosts accessible using the FTP protocol described in STD 9 65 [FTP], RFC 959. 67 An FTP URL follows the standard syntax described in 68 draft-fielding-uri-rfc2396bis [2396bis]. If : is omitted, the 69 port defaults to 21. 71 2.1 FTP Name and Password 73 A user name and password may be supplied; they are used in the ftp 74 "USER" and "PASS" commands after first making the connection to the 75 FTP server. If no user name or password is supplied and one is 76 requested by the FTP server, the conventions for "anonymous" FTP are 77 to be used, as follows: 79 o The user name "anonymous" is supplied. 81 o The password is supplied as the Internet e-mail address of the end 82 user accessing the resource. 84 2.2 FTP url-path 86 The url-path of an FTP URL has the following syntax: 88 //...//;type= 90 through and are (possibly encoded) strings and 91 is one of the characters "a", "i", or "d". The and 92 parts may be empty. The part ";type=" may be 93 omitted. In fact, the whole url-path, including the leading "/", may 94 be omitted. 96 The url-path is interpreted as a series of FTP commands as follows: 98 o Each of the elements is to be supplied, sequentially, as the 99 argument to a CWD (change working directory) command. 101 o If the typecode is "d", perform a NLST (name list) command with 102 as the argument, and interpret the results as a file 103 directory listing. 105 o Otherwise, perform a TYPE command with as the argument, 106 and then access the file whose name is (for example, using 107 the RETR command.) 109 Within a name or CWD component, the characters "/" and ";" are 110 reserved and must be encoded. The components are decoded prior to 111 their use in the FTP protocol. In particular, if the appropriate FTP 112 sequence to access a particular file requires supplying a string 113 containing a "/" as an argument to a CWD or RETR command, it is 114 necessary to encode each "/". 116 Historical note: Most FTP client implementations precede the 117 with a "/" before sending the CWD command. This is in conflict with 118 RFC 1738, although the practice is quite widespread. Thus, a client 119 that is presented with the URL 120 might send the two commands "CWD /abc" and "RETR def" or it might 121 send the two commands "CWD abc" and "RETR def". Server implementers 122 should be aware of these two different interpretations of the same 123 URL. 125 FTP URLs may also be used for other operations; for example, it is 126 possible to update a file on a remote file server, or infer 127 information about it from the directory listings. The mechanism for 128 doing so is not spelled out here. 130 2.3 FTP Typecode is Optional 132 The entire ;type= part of a FTP URL is optional and is 133 rarely used. Historically, the typecode option was rarely 134 implemented and in practice, dereferencing is done by guessing. If 135 the typecode is omitted, the client program interpreting the URL must 136 guess the appropriate mode to use. In general, the data content type 137 of a file can only be guessed from the name, such as from the suffix 138 of the name; the appropriate type code to be used for transfer of the 139 file can then be deduced from the data content of the file. 141 2.4 Hierarchy 143 For some file systems, the "/" used to denote the hierarchical 144 structure of the URL corresponds to the delimiter used to construct a 145 file name hierarchy, and thus, the filename will look similar to the 146 URL path. This does NOT mean that the URL is a filename in the Unix 147 or similar filesystems. 149 3. Security Considerations 151 There are many security considerations for URI schemes discussed in 152 [2396bis]. The FTP protocol uses passwords in the clear for 153 authentication, and offers no privacy, both of which are considered 154 extremely unsafe in current practice. 156 Both RFC 2577 [RFC2577] and RFC 2228 [RFC2228] cover security 157 considerations and methods that can be used to give greater 158 protection to FTP. 160 Some FTP clients may resolve FTP URLs incorrectly and try to move to 161 a directory "above" the base directory of the URL. FTP servers 162 should be aware of this and never allow such access. Such security 163 procedures are already common using the "chroot" facility of many 164 operating systems. 166 ALUN'S CONCERN 168 email addresses can be harvested 170 4 Informative References 172 [RFC1738] Berners-Lee, T., Masinter, L. and M. McCahill, "Uniform 173 Resource Locators (URL)", RFC 1738, December 1994. 175 [RFC2396] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform 176 Resource Identifiers (URI): Generic Syntax", RFC 2396, 177 August 1998. 179 [2396bis] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform 180 Resource Identifiers (URI): Generic Syntax", work in 181 progress, draft-fielding-uri-rfc2396bis-nn.txt. 183 [FTP] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 184 9, RFC 959, October 1985. 186 [RFC2577] Allman, M. and S. Ostermann, "FTP Security 187 Considerations", RFC 2577, May 1999. 189 [RFC2228] Horowitz, M., "FTP Security Extensions", RFC 2228, October 190 1997. 192 Author's Address 194 Paul Hoffman 195 VPN Consortium 196 127 Segre Place 197 Santa Cruz, CA 95060 198 US 200 EMail: paul.hoffman@vpnc.org 202 Intellectual Property Statement 204 The IETF takes no position regarding the validity or scope of any 205 Intellectual Property Rights or other rights that might be claimed to 206 pertain to the implementation or use of the technology described in 207 this document or the extent to which any license under such rights 208 might or might not be available; nor does it represent that it has 209 made any independent effort to identify any such rights. Information 210 on the procedures with respect to rights in RFC documents can be 211 found in BCP 78 and BCP 79. 213 Copies of IPR disclosures made to the IETF Secretariat and any 214 assurances of licenses to be made available, or the result of an 215 attempt made to obtain a general license or permission for the use of 216 such proprietary rights by implementers or users of this 217 specification can be obtained from the IETF on-line IPR repository at 218 http://www.ietf.org/ipr. 220 The IETF invites any interested party to bring to its attention any 221 copyrights, patents or patent applications, or other proprietary 222 rights that may cover technology that may be required to implement 223 this standard. Please address the information to the IETF at 224 ietf-ipr@ietf.org. 226 Disclaimer of Validity 228 This document and the information contained herein are provided on an 229 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 230 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 231 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 232 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 233 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 234 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 236 Copyright Statement 238 Copyright (C) The Internet Society (2005). This document is subject 239 to the rights, licenses and restrictions contained in BCP 78, and 240 except as set forth therein, the authors retain all their rights. 242 Acknowledgment 244 Funding for the RFC Editor function is currently provided by the 245 Internet Society.