Date: Wed, 14 Mar 2001 13:59:53 -0800 (PST) From: John Baldwin <jhb@FreeBSD.org> To: Bill Fumerola <billf@mu.org> Cc: freebsd-arch@FreeBSD.org, Peter Pentchev <roam@orbitel.bg> Subject: Re: [PATCH] add a SITE MD5 command to ftpd Message-ID: <XFMail.010314135953.jhb@FreeBSD.org> In-Reply-To: <20010314142431.P31752@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 14-Mar-01 Bill Fumerola wrote: > On Tue, Mar 13, 2001 at 10:27:10PM -0800, John Baldwin wrote: > >> As Terry points out, however, this isn't secure, which makes it less useful >> than first appears. His 2 questions at the end are good ones. > > Who would use it to mean "secure"? I'd want clients to use it to > determine if they downloaded the file w/o error. Other things > like fenner's scripts could use it to see if the file changed (which > is pretty handy, as someone pointed out, for mirroring software). As long as the MD5 is confirmed by the local machine if the file is downloaded (fenner's script wouldn't need this, but paranoid mirroring software might) then I guess that should cover most bases. I didn't say it was useless, just less useful than first appears, which might be better stated as less useful than it might first appear, since different people will have different first perceptions. > Any software author that did use it would have to realize that > they'd have to take the server's answer with a truckload of salt. Yes, it can't be used to avoid a local md5 check of the file, for example. > The only thing that is minorly unpleasant about this is how non-standard > of a change it is. It lives under SITE. If it becomes widespread enough in use, then it might one day end up in the standard. -- John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.baldwin.cx/~john/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.010314135953.jhb>