mmmm@buzz.com (Marcus Mender) (06-12-17 12:00:42):
> I have seen a couple of different encryption types for ftp
> connections:
>
> TLS
> SSL
> SFTP
> SSH
>
> Ok, provided an ftp server offers all these types: which type should I
> choose to setup the ftp server or to select from the ftp clients view?

From the client's view, certainly TLS and SSL are more convenient, but
for home user purposes, they probably are overkill. At the moment, SSL
and TLS are essentially the same. TLS (v1) is just a container
protocol, which currently encapsulates SSLv3. It might contain newer,
more secure protocols in the future, so TLS is preferable over SSL.

To make those two protocols as secure as possible, you need to deal with
certificates. Server-side certificates are only half of the story.
They only authenticate the server. So if you want to authenticate the
client cryptographically, you will need client certificates. Not all
client programs support that, and there are even some server programs
which don't.

However, if you already have an SSH server with key-based authentication
running, and you have got a client that supports SFTP (which is FTP over
an SSH tunnel), then you're already set. You can continue to use your
normal SSH keys for FTP authentication, which is of course preferable in
this case.

> Is the security for all these types similar, and does the difference refer
> only to different protocols?

From the cryptological perspective, yes. There are minor
cryptographical differences, but all in all, their security is
equivalent.

> What are the pros and cons?

One major reason to prefer SFTP is its simplicity. Setting up a proper
certificate infrastructure for SSL and TLS may be overkill, and requires
some cryptological skills. This is suitable for large networks with
many users. There it would make sense to create your own certificate
authority (CA), which you can use for more things than just FTP. Users
could use the same certificate to securely authenticate to all services
offered by the network.

The downside of SFTP is that there is no trusted arbitrator (a CA in
SSL/TLS terminology). This is good for small networks, but very bad for
larger ones.

In short: Prefer SFTP for home networks and small companies; prefer
SSL/TLS for large enterprise networks.

Regards,
E.S.
(Third time trying to send this message...)