> But given that a lot of people don't believe or know that FTP is > secure (they live in the distant past), they feel free to use > sftp and ftps and 'secure ftp' interchangeably. I even saw a > web browser incorrectly process an ftp:// URL, using "binary" > transfers for text data, on the bogus assumption that they are > the same. Morons.
Now you sound like Chuckie. Tony Thigpen -----Original Message ----- From: Alan Altmark Sent: 07/23/2010 05:10 PM > On Friday, 07/23/2010 at 04:41 EDT, Edward M Martin <[email protected]> > wrote: >> Ok I need some comments and guidance. FTP using the SSH is not what we > want, I >> believe. > > That is called "sftp" and is what the IBM Ported Tools gives you. > >> We want FTP/SSL or FTPS (implicit SSL). Which from my earlier question > about >> FTP and TCP/IP on z/OS is not in the BASE TCP/IP suite. > > z/OS *does* include FTP/SSL (via System SSL) and FTPS (via AT-TLS). There > may be other FMIDs that have to be installed. I'm not an MVS guru. > >> Alan this statement would this be the part of the IBM PORTED Tools that > you >> are talking about (see below). >> >> If it is then, That would SFTP and not the FTP/SSL (FTPS) that we > require. > >>> TCP/IP is part of z/OS Communications Server (nee VTAM). It is not a > part of >>> the base z/OS. It is a charge feature of z/OS. "sftp" is available for > z/OS, >>> but must be ordered. It is part of the OpenSSH port ( 5655-M23). It is > free. >>> This version of sftp only support z/OS UNIX files. > > I don't worry too much about the fact that you can "snap out" things like > RACF and TCP/IP. You really need to talk to your in-house z/OS folks to > know what they have/haven't ordered/installed. > >> ?. SFTP, for our purposes here at <name removed> , is for Implicit SSL >> connections. FTPS, is for SSH connections which we don?t accept at all > in >> fact. ? > > Feel free to correct them. SFTP has only one meaning: file transfer using > an ssh tunnel. FTPS can be either RFC 4217 (dynamic) or implicit SSL (a > la https). Some ftps clients are smart enough to connect in clear-text > and find out if the server supports RFC 4217 and, if not, disconnect and > reconnect with implicit SSL. > > But given that a lot of people don't believe or know that FTP is secure > (they live in the distant past), they feel free to use sftp and ftps and > 'secure ftp' interchangeably. I even saw a web browser incorrectly > process an ftp:// URL, using "binary" transfers for text data, on the > bogus assumption that they are the same. Morons. > > Alan Altmark > z/VM Development > IBM Endicott > >
