[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits]
Versions: 00 01 02 03 04
Network Working Group P. Hoffman
Internet-Draft VPN Consortium
Expires: July 2, 2005 January 2005
The ftp URI Scheme
draft-hoffman-ftp-uri-04.txt
Status of this Memo
This document is an Internet-Draft and is subject to all provisions
of section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 2, 2005.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document specifies the ftp Uniform Resource Identifier (URI)
scheme that was originally specified in RFC 1738. The purpose of
this document is to allow RFC 1738 to be made obsolete while keeping
the information about the scheme on standards track.
1. Introduction
URIs were previously defined in RFC 2396 [RFC2396], which was updated
Hoffman Expires July 2, 2005 [Page 1]
Internet-Draft The ftp URI Scheme January 2005
by draft-fielding-uri-rfc2396bis [2396bis]. Those documents also
specify how to define schemes for URIs.
The first definition for many URI schemes appeared in RFC 1738
[RFC1738]. Because that document has been made obsolete, this
document copies the ftp URI scheme from it to allow that material to
remain on standards track.
Note that the file: and ftp: URIs are not the same, even when the
target of the ftp: URI is the local host.
2. Scheme Definition
The FTP URL scheme is used to designate files and directories on
Internet hosts accessible using the FTP protocol described in STD 9
[FTP], RFC 959.
An FTP URL follows the standard syntax described in
draft-fielding-uri-rfc2396bis [2396bis]. If :<port> is omitted, the
port defaults to 21.
2.1 FTP Name and Password
A user name and password may be supplied; they are used in the ftp
"USER" and "PASS" commands after first making the connection to the
FTP server. If no user name or password is supplied and one is
requested by the FTP server, the conventions for "anonymous" FTP are
to be used, as follows:
o The user name "anonymous" is supplied.
o The password is supplied as the Internet e-mail address of the end
user accessing the resource.
2.2 FTP url-path
The url-path of an FTP URL has the following syntax:
<cwd1>/<cwd2>/.../<cwdN>/<name>;type=<typecode>
<cwd1> through <cwdN> and <name> are (possibly encoded) strings and
<typecode> is one of the characters "a", "i", or "d". The <cwdx> and
<name> parts may be empty. The part ";type=<typecode>" may be
omitted. In fact, the whole url-path, including the leading "/", may
be omitted.
The url-path is interpreted as a series of FTP commands as follows:
Hoffman Expires July 2, 2005 [Page 2]
Internet-Draft The ftp URI Scheme January 2005
o Each of the <cwd> elements is to be supplied, sequentially, as the
argument to a CWD (change working directory) command.
o If the typecode is "d", perform a NLST (name list) command with
<name> as the argument, and interpret the results as a file
directory listing.
o Otherwise, perform a TYPE command with <typecode> as the argument,
and then access the file whose name is <name> (for example, using
the RETR command.)
Within a name or CWD component, the characters "/" and ";" are
reserved and must be encoded. The components are decoded prior to
their use in the FTP protocol. In particular, if the appropriate FTP
sequence to access a particular file requires supplying a string
containing a "/" as an argument to a CWD or RETR command, it is
necessary to encode each "/".
Historical note: Most FTP client implementations precede the <cwd1>
with a "/" before sending the CWD command. This is in conflict with
RFC 1738, although the practice is quite widespread. Thus, a client
that is presented with the URL <URL:ftp://myname@example.com/abc/def>
might send the two commands "CWD /abc" and "RETR def" or it might
send the two commands "CWD abc" and "RETR def". Server implementers
should be aware of these two different interpretations of the same
URL.
FTP URLs may also be used for other operations; for example, it is
possible to update a file on a remote file server, or infer
information about it from the directory listings. The mechanism for
doing so is not spelled out here.
2.3 FTP Typecode is Optional
The entire ;type=<typecode> part of a FTP URL is optional and is
rarely used. Historically, the typecode option was rarely
implemented and in practice, dereferencing is done by guessing. If
the typecode is omitted, the client program interpreting the URL must
guess the appropriate mode to use. In general, the data content type
of a file can only be guessed from the name, such as from the suffix
of the name; the appropriate type code to be used for transfer of the
file can then be deduced from the data content of the file.
2.4 Hierarchy
For some file systems, the "/" used to denote the hierarchical
structure of the URL corresponds to the delimiter used to construct a
file name hierarchy, and thus, the filename will look similar to the
Hoffman Expires July 2, 2005 [Page 3]
Internet-Draft The ftp URI Scheme January 2005
URL path. This does NOT mean that the URL is a filename in the Unix
or similar filesystems.
3. Security Considerations
There are many security considerations for URI schemes discussed in
[2396bis]. The FTP protocol uses passwords in the clear for
authentication, and offers no privacy, both of which are considered
extremely unsafe in current practice.
Both RFC 2577 [RFC2577] and RFC 2228 [RFC2228] cover security
considerations and methods that can be used to give greater
protection to FTP.
Some FTP clients may resolve FTP URLs incorrectly and try to move to
a directory "above" the base directory of the URL. FTP servers
should be aware of this and never allow such access. Such security
procedures are already common using the "chroot" facility of many
operating systems.
ALUN'S CONCERN
email addresses can be harvested
4 Informative References
[RFC1738] Berners-Lee, T., Masinter, L. and M. McCahill, "Uniform
Resource Locators (URL)", RFC 1738, December 1994.
[RFC2396] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform
Resource Identifiers (URI): Generic Syntax", RFC 2396,
August 1998.
[2396bis] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform
Resource Identifiers (URI): Generic Syntax", work in
progress, draft-fielding-uri-rfc2396bis-nn.txt.
[FTP] Postel, J. and J. Reynolds, "File Transfer Protocol", STD
9, RFC 959, October 1985.
[RFC2577] Allman, M. and S. Ostermann, "FTP Security
Considerations", RFC 2577, May 1999.
[RFC2228] Horowitz, M., "FTP Security Extensions", RFC 2228, October
1997.
Hoffman Expires July 2, 2005 [Page 4]
Internet-Draft The ftp URI Scheme January 2005
Author's Address
Paul Hoffman
VPN Consortium
127 Segre Place
Santa Cruz, CA 95060
US
EMail: paul.hoffman@vpnc.org
Hoffman Expires July 2, 2005 [Page 5]
Internet-Draft The ftp URI Scheme January 2005
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Hoffman Expires July 2, 2005 [Page 6]
Html markup produced by rfcmarkup 1.129c, available from
https://tools.ietf.org/tools/rfcmarkup/