How is SafeTP better than existing FTP systems?
First and foremost, SafeTP secures the FTP control channel
to ensure the privacy of the user password, thereby providing secure
authentication. This in itself is a huge improvement over the traditional FTP
protocol, which sends user passwords (and everything else) in the clear
(see RFC 959).
SafeTP protects the control and data channels against a number of attacks,
including eavesdropping attacks, modification attacks, and replay attacks.
SafeTP provides this security through a public-key crypto-system based on the
ElGamal, DSA and TripleDES security algorithms, and is implemented as an
RFC 2228 security mechanism.
The security negotiation is similar to the one used by ssh and SSL -
see the X-SafeTP1 protocol specification for details.
SafeTP has several advantages over most existing FTP security systems (such as kerberos or ssh tunnelling):
One could argue that these features are simply a matter of convenience,
and it may be possible for an expert user to simulate some of these
behaviors using existing software - however, we feel SafeTP can be a
considerable time-saver, and the fact that it's completely automatic has
proven especially handy for inexperienced users.
- Transparent - the windows client automatically and transparently
secures FTP connections from within the OS - which means the user can
continue using their favorite FTP client, without ever having to think
about it again. No need to tweak any settings in their client, no need to
setup any tricky proxy or port forwarding software.
- Interoperable - the client software (windows and UNIX) automatically
works with both secure and insecure (legacy) servers. The server software
always accepts secure connections, and can be configured to allow or
disallow insecure connections.
- Data security and integrity configuration - SafeTP always secures the
control channel (which includes the username/password login sequence), but
the client can be configured to provide privacy, integrity and
authentication for the transferred file data as well. The user may also
choose to disable data encryption to maximize performance.
Back to main page.