How is SafeTP better than existing FTP systems?


First and foremost, SafeTP secures the FTP control channel to ensure the privacy of the user password, thereby providing secure authentication. This in itself is a huge improvement over the traditional FTP protocol, which sends user passwords (and everything else) in the clear (see RFC 959).

SafeTP protects the control and data channels against a number of attacks, including eavesdropping attacks, modification attacks, and replay attacks. SafeTP provides this security through a public-key cryptosystem based on the ElGamal, DSA and TripleDES security algorithms, and is implemented as an RFC 2228 security mechanism. The security negotiation is similar to the one used by ssh and SSL - see the X-SafeTP1 protocol specification for details.
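To make the difference visible on the wire, the following added example (not part of SafeTP or of the original page) audits a control-channel transcript for credentials sent in the clear under RFC 959 versus commands wrapped by an RFC 2228 mechanism. The function name `audit`, the host name and both transcripts are constructed for illustration, and using `X-SafeTP1` as the AUTH argument is an assumption based on the specification name above; no SafeTP cryptography is implemented here.

```python
# Added example: classify FTP control-channel lines as exposed or protected.
import base64

CREDENTIAL_VERBS = {"USER", "PASS", "ACCT"}   # RFC 959: sent as plain text
PROTECTED_VERBS = {"MIC", "CONF", "ENC"}      # RFC 2228: base64 argument
PROTECTED_REPLIES = {"631", "632", "633"}     # RFC 2228 protected replies

def audit(transcript):
    """transcript: lines prefixed 'C: ' (client) or 'S: ' (server)."""
    report = {"mechanism": None, "auth_complete": False,
              "exposed": [], "protected": 0, "malformed": []}
    for n, line in enumerate(transcript, 1):
        side, _, text = line.partition(": ")
        word, _, arg = text.strip().partition(" ")
        if side == "S":
            if word in ("234", "235"):        # security data exchange complete
                report["auth_complete"] = True
            elif word in PROTECTED_REPLIES:
                report["protected"] += 1
            continue
        verb = word.upper()
        if verb == "AUTH":
            report["mechanism"] = arg         # assumed mechanism name
        elif verb in PROTECTED_VERBS:
            try:
                base64.b64decode(arg, validate=True)
                report["protected"] += 1
            except ValueError:                # not valid base64
                report["malformed"].append(n)
        elif verb in CREDENTIAL_VERBS:
            # Record line number and verb only; never echo the secret.
            report["exposed"].append((n, verb))
    return report

# Constructed transcripts (not captured from a real session).
PLAIN = ["S: 220 ftp.example.test ready", "C: USER alice",
         "S: 331 Password required", "C: PASS not-a-real-password",
         "S: 230 Logged in"]
PROTECTED = ["S: 220 ftp.example.test ready", "C: AUTH X-SafeTP1",
             "S: 334 ADAT must follow", "C: ADAT Y29uc3RydWN0ZWQ=",
             "S: 235 Security data exchange complete",
             "C: ENC b3BhcXVlLWNpcGhlcnRleHQ=", "S: 632 b3BhcXVlLXJlcGx5"]

if __name__ == "__main__":
    print(audit(PLAIN))
    print(audit(PROTECTED))
```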

SafeTP has several advantages over most existing FTP security systems (such as Kerberos or ssh tunnelling):

One could argue that these features are simply a matter of convenience, and it may be possible for an expert user to simulate some of these behaviors using existing software - however, we feel SafeTP can be a considerable time-saver, and the fact that it's completely automatic has proven especially handy for inexperienced users.
