On Thu, May 06, 2021 at 11:09:03AM -0600, Theo de Raadt wrote:
> Jan Klemkow <j.klem...@wemelug.de> wrote:
>
> > > > > I'm working on a diff to bring ftps with libtls into our ftpd(8).
> > > > > There is a "getaddrinfo(NULL, "ftps", &hints, &res0)" call, which
> > > > > uses this port. Thus, I made this change.
> > > >
> > > > Hang on -- does the world want ftps support?
> >
> > I don't know, what "the world" wants. But, I want ftps. As far as I
> > can see, ftps is the only way to bring our ftpd(8) into the 21st
> > century.
>
> I have a really hard time with that.
>
> The protocol is completely broken, and in a way that adding TLS makes it
> even worse.

OK. And what should we do with ftpd(8)? I see just three ways:

 1. Prepare it for usage in the modern internet with crypto support.
 2. Just use it for anonymous public file distribution.
 3. Remove the daemon.

In my opinion the protocol is not that bad and our daemon just needs some
refactoring and encryption support.