How is SafeTP better than existing FTP systems?
Security
First and foremost, SafeTP secures the FTP control channel
to ensure the privacy of the user password, thereby providing secure
authentication. This in itself is a huge improvement over the traditional FTP
protocol, which sends user passwords (and everything else) in the clear
(see RFC 959).
SafeTP protects the control and data channels against a number of attacks,
including eavesdropping attacks, modification attacks, and replay attacks.
SafeTP provides this security through a public-key crypto-system based on the
ElGamal, DSA and TripleDES security algorithms, and is implemented as an
RFC 2228 security mechanism.
The security negotiation is similar to the one used by ssh and SSL;
see the X-SafeTP1 protocol specification for details.
SafeTP has several advantages over most existing FTP security systems (such as Kerberos or ssh tunnelling):
- Transparent - the Windows client automatically and transparently
secures FTP connections from within the OS, which means the user can
continue using their favorite FTP client without ever having to think
about it again. No need to tweak any settings in the client, no need to
set up any tricky proxy or port-forwarding software.
- Interoperable - the client software (Windows and UNIX) automatically
works with both secure and insecure (legacy) servers. The server software
always accepts secure connections, and can be configured to allow or
disallow insecure connections.
- Data security and integrity configuration - SafeTP always secures the
control channel (which includes the username/password login sequence), but
the client can be configured to provide privacy, integrity and
authentication for the transferred file data as well. The user may also
choose to disable data encryption to maximize performance.
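The two points above that matter most to a defender are the cleartext RFC 959 login that SafeTP replaces and the RFC 2228 negotiation it uses, together with the configurable protection level for the data channel. The following Python is an added example written for this page, not SafeTP's own code: it audits two constructed control-channel transcripts (one legacy login, one RFC 2228 session that names the X-SafeTP1 mechanism from this page but carries made-up ADAT and ENC payloads) and maps a client's data-channel settings to the RFC 2228 PROT level it would request. The transcript format, the `audit_session` and `data_protection_level` functions and the `ftp.example.test` host are all assumptions for illustration.

```python
"""Audit FTP control-channel transcripts: flag RFC 959 cleartext logins,
recognise an RFC 2228 security negotiation (AUTH/ADAT) and map a client's
data-channel settings to the PROT level it would request.  Illustrative
code written for this page, not SafeTP's implementation; both transcripts
below are constructed."""
import base64
from dataclasses import dataclass, field
from typing import List, Optional

# RFC 2228 reply codes meaning the security data exchange succeeded.
SECURITY_OK = {"234", "235"}
# RFC 2228 commands that carry a protected, base64-encoded command.
WRAPPED = {"MIC", "CONF", "ENC"}


@dataclass
class SessionAudit:
    auth_mechanism: Optional[str] = None   # argument of the AUTH command
    control_protected: bool = False        # server accepted the negotiation
    cleartext_password: bool = False       # PASS seen before protection
    wrapped_commands: int = 0              # MIC/CONF/ENC wrappers observed
    findings: List[str] = field(default_factory=list)


def audit_session(transcript: str) -> SessionAudit:
    """Walk a 'C: cmd' / 'S: reply' transcript and report what a passive
    observer of the control channel could learn from it."""
    audit = SessionAudit()
    pending_auth = False
    for raw in transcript.strip().splitlines():
        side, _, text = raw.strip().partition(": ")
        if side == "S":
            code = text[:3]
            if pending_auth and code in SECURITY_OK:
                audit.control_protected = True
                pending_auth = False
            elif pending_auth and code[:1] in ("4", "5"):
                audit.findings.append(f"server rejected AUTH {audit.auth_mechanism}")
                pending_auth = False
            continue
        verb, _, arg = text.partition(" ")
        verb = verb.upper()
        if verb == "AUTH":
            audit.auth_mechanism = arg
            pending_auth = True
        elif verb == "ADAT":
            pending_auth = True          # multi-step exchange continues
        elif verb in WRAPPED:
            audit.wrapped_commands += 1  # payload is opaque on the wire
        elif verb == "PASS" and not audit.control_protected:
            audit.cleartext_password = True
            audit.findings.append("password sent in the clear (RFC 959 login)")
        elif audit.control_protected:
            # After negotiation RFC 2228 expects every command to be wrapped.
            audit.findings.append(f"bare {verb} after security negotiation")
    return audit


def data_protection_level(encrypt: bool, integrity: bool) -> str:
    """RFC 2228 PROT level for a client's data-channel configuration:
    C = clear, S = integrity only, E = confidentiality only, P = both.
    Turning encryption off for speed while keeping integrity gives S."""
    return {(False, False): "C", (False, True): "S",
            (True, False): "E", (True, True): "P"}[(encrypt, integrity)]


def _wrap(command: str) -> str:
    # Constructed stand-in: a real mechanism emits ciphertext or a MAC,
    # not plain base64 of the command.
    return "ENC " + base64.b64encode(command.encode()).decode()


# Constructed transcript 1: a legacy RFC 959 login, password visible.
LEGACY_SESSION = """
S: 220 ftp.example.test FTP server ready
C: USER alice
S: 331 Password required for alice
C: PASS hunter2
S: 230 User alice logged in
C: PORT 10,0,0,5,4,1
S: 200 PORT command successful
"""

# Constructed transcript 2: RFC 2228 negotiation, then wrapped commands.
# The mechanism name is from the page; the ADAT payload is made up.
PROTECTED_SESSION = "\n".join([
    "S: 220 ftp.example.test FTP server ready",
    "C: AUTH X-SafeTP1",
    "S: 334 Security mechanism accepted; send security data",
    "C: ADAT " + base64.b64encode(b"constructed-client-key-exchange").decode(),
    "S: 235 Security data exchange complete",
    "C: " + _wrap("USER alice"),
    "S: 632 " + base64.b64encode(b"331 Password required").decode(),
    "C: " + _wrap("PASS hunter2"),
    "S: 632 " + base64.b64encode(b"230 User alice logged in").decode(),
    "C: " + _wrap("PBSZ 0"),
    "C: " + _wrap("PROT " + data_protection_level(encrypt=True, integrity=True)),
])


if __name__ == "__main__":
    for name, session in (("legacy", LEGACY_SESSION), ("protected", PROTECTED_SESSION)):
        result = audit_session(session)
        print(name, result.control_protected, result.cleartext_password, result.findings)
```

Run against the legacy transcript the audit reports the password in the clear; against the protected one it sees only the AUTH/ADAT exchange and opaque ENC wrappers, which is exactly the property the page claims for the control channel. The `data_protection_level` mapping shows what "disable data encryption to maximize performance" means in RFC 2228 terms: a client keeping integrity but dropping confidentiality would request PROT S rather than PROT P.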
One could argue that these features are simply a matter of convenience,
and it may be possible for an expert user to simulate some of these
behaviors using existing software; however, we feel SafeTP can be a
considerable time-saver, and the fact that it's completely automatic has
proven especially handy for inexperienced users.