As time goes on, we find that there are sites which give information that our users are sure to find useful. We list those sites and their links here.
- Tales from the Crypto Alun Jones' blog on security, networking and anything else that springs to mind.
- 30 days of Microsoft downloads
- I'm often amazed at the things that Microsoft makes available for download. I go to this link on a regular basis for interesting tools and toys, patches and fixes, and white-papers galore.
RFCs describing FTP behaviour
These are rather technical and dry, difficult to interpret, and occasionally at odds with the way FTP is used in general - but they are what we have to work with:
- RFC959 File Transfer Protocol (FTP)
- This is the main document describing the FTP protocol.
- RFC4217 Securing FTP with TLS
- The document on which we based our SSL / TLS capabilities, ensuring that we are compatible with the majority of FTP clients that use this protocol, whether it's known as "FTP over SSL", "FTP over TLS", or the confusing "FTPS".
- RFC3659 Extensions to FTP
- Describes the MDTM, REST (stream-mode), MLST and MLSD commands. REST is how we support resuming interrupted transfers.
- RFC2640 Internationalisation of the File Transfer Protocol
- Designed to allow transmission of file names to be carried out in "UTF-8", a format that allows for multiple different languages' characters to be represented, while still retaining the same character codes for the English characters included in ASCII.
- RFC2577 FTP Security Considerations
- We contributed to the discussion behind this document as it worked its way from draft to final document. Look for Alun Jones in the "Acknowledgements" section.
- RFC2428 FTP Extensions for IPv6 and NATs
- Defines the EPRT and EPSV commands, which support the use of IPv6 in FTP.
- RFC2389 Feature negotiation mechanism for the File Transfer Protocol
- A very simple modification to the original protocol, allowing clients to query servers for the presence of features. For the most part, though, it's best to just try the command you want, and deal with the possibility of failure.
- RFC2228 FTP Security Extensions
- Defines the PROT, PBSZ, CCC and other commands related to encryption and integrity protection, which was used as a basis for RFC4217, Securing FTP with TLS. The GSSAPI option described in the appendix to this RFC is not used by our software, nor will it, because it has a fundamental reliability flaw. FTP over Kerberos, as the GSSAPI option is often described, is not something we recommend you use if you have a choice.
- RFC1639 FTP Operation Over Big Address Records (FOOBAR)
- Defines LPRT and LPSV, which support the use of IPv6 in FTP.
- RFC1635 How to Use Anonymous FTP
- Mostly interesting for a historical perspective on how FTP was used in the mostly-Unix middle-to-early history of the Internet
- RFC1579 Firewall-Friendly FTP
- Recommends the use of PASV transfers, so that the firewall burden is at the server, not the client.