FTP Related RFCs (Request For Comments)

This page lists current Internet RFCs and Drafts that define or are closely related to the FTP protocol.

ProFTPD 1.2 conforms to the FTP protocol standard as defined in RFC-959 (STD-9) and RFC-1123 (STD-3). It also implements RFC-2389 ("Feature negotiation mechanism for the File Transfer Protocol"). All the required commands are implemented, as are most of the optional commands appropriate for FTP servers hosted on POSIX (IEEE-1003.1) style operating systems. However, the ACCT (Account) command is not implemented.

ProFTPD 1.2 implements the extended protocol commands MDTM (Modification Time) and size, and extends the REST (Restart) command to STREAM mode transfers. These extensions are for resuming interrupted file transfers and represent common existing practice, which is being codified in the IETF Draft "Extensions to FTP."

Future plans for ProFTPD include the gradual implementation of the recent standards track RFCs developed by the IETF CAT and FTPEXT Working Groups. It is likely that attention will first focus on RFC-2228 "FTP Security Extensions", and the MLST and MLSD commands from the IETF Draft "Extensions to FTP." RFC-2640 "Internationalization of the File Transfer Protocol" also may receive early attention.

The IETF Common Authentication Technology (CAT) Working Group has produced RFC-2228 and RFC-2773. The CAT WG has produced numerous other RFCs about various authentication and authorization topics, including Kerberos-5, SASL and GSS-API.

The IETF Extensions to FTP (FTPEXT) Working Group has produced RFC-2389, RFC-2428, RFC-2577, RFC-2640, and the "Extensions to FTP" Internet Draft, draft-ietf-ftpext-mlst-12.txt.


RFC Summaries

RFC-959 File Transfer Protocol (FTP)

[http] [ftp] Errata: [http]
Issued: October 1985 Status: STANDARD -- STD-0009 [http] [ftp]
Obsoletes: RFC-765 Updated by: RFC-1123, RFC-2228, RFC-2640, RFC-2773
The base specification of the current File Transfer Protocol.

RFC-1123 Requirements for Internet Hosts -- Application and Support

[http] [ftp]
Issued: October 1989 Status: STANDARD -- STD-0003 [http] [ftp]
Section 4.1, pp. 29-43, is devoted to FTP. Extends and clarifies some aspects of RFC-959. Introduces new response codes 554 and 555.

RFC-1579 Firewall-Friendly FTP

[http] [ftp]
Issued: February 1994 Status: INFORMATIONAL
Suggests a new APSV command and 151 response code.

RFC-1635 How to Use Anonymous FTP

[http] [ftp]
Issued: May 1994 Status: INFORMATIONAL -- FYI-0024 [http] [ftp]
Provides introductory information for the novice Internet user about using the File Transfer Protocol (FTP).

RFC-1639 FTP Operation Over Big Address Records (FOOBAR)

[http] [ftp]
Issued: June 1994 Status: EXPERIMENTAL
Obsoletes: RFC-1545
(FOOBAR Assigned Numbers [http]) Defines new LPRT and LPSV commands and response codes 228 and 521.

RFC-2151 A Primer On Internet and TCP/IP Tools and Utilities

[http] [ftp]
Issued: June 1997 Status: INFORMATIONAL -- FYI-0030 [http] [ftp]
Obsoletes: RFC-1739
An introductory guide to many of the most common TCP/IP and Internet tools and resources, including FTP

RFC-2228 FTP Security Extensions (FTPSECEXT)

[http] [ftp]
Issued: October 1997
Status: PROPOSED STANDARD
Updates: RFC-959
Specifies several security extensions to the base FTP protocol defined in RFC-959. New commands: AUTH, ADAT, PROT, PBSZ, CCC, MIC, CONF, and ENC. New response codes: 232, 234, 235, 334, 335, 336, 431, 533, 534, 535, 536, 537, 631, 632, and 633.

RFC-2389 Feature negotiation mechanism for the File Transfer Protocol (FTP-FNEGO)

[http] [ftp]
Issued: August 1998
Status: PROPOSED STANDARD
Defines mechanisms for FTP client programs to obtain lists of features and options supported by FTP servers. Introduces the new FEAT and OPTS commands.

RFC-2428 FTP Extensions for IPv6 and NATs

[http] [ftp]
Issued: September 1998 Status: PROPOSED STANDARD
Introduces the new commands EPRT and EPSV, and the new response codes 522 and 229.

RFC-2577 FTP Security Considerations

[http] [ftp]
Issued: May 1999 Status: INFORMATIONAL
Provides several configuration and implementation suggestions to mitigate some security concerns, including limiting failed password attempts and third-party "proxy FTP" transfers, which can be used in "bounce attacks" (CERT97:27).

RFC-2585 Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP

[http] [ftp]
Issued: May 1999 Status: PROPOSED STANDARD
Specifies conventions for using the FTP and HTTP to obtain X.509 certificates and certificate revocation lists (CRLs) from Public Key Infrastructure (PKI) repositories.

RFC-2640 Internationalization of the File Transfer Protocol

[http] [ftp]
Issued: July 1999 Status: PROPOSED STANDARD
Updates: RFC-959
Extends the FTP protocol to support multiple character sets, in addition to the original 7-bit ASCII. Introduces the new LANG command.

RFC-2773 Encryption using KEA and SKIPJACK

[http] [ftp]
Issued: February 2000 Status: Experimental
Updates: Updates: RFC-959
Defines a RFC-2228 "FTP Security Extensions" method, which uses the Key Exchange Algorithm (KEA) for mutual authentication and encryption key exchange, and uses SKIPJACK to encrypt both FTP data and control channels.

Draft Summaries

IETF Draft: Extensions to FTP

draft-ietf-ftpext-mlst-12.txt [http] [ftp]
Status: Expires March 2001 Category: Informational
Several protocol extensions are defined or documented. The new MLST and MLSD commands are defined to provide standardized file and directory list formats. A "trivial" virtual file store (TVFS) is specified. 8-bit characters with UTF-8 encoding. The REST (Restart) command is extended to STREAM mode transfers, and the commonly implemented MDTM (Mod Time) and size commands are documented. Earlier revisions of this draft included a HOST command, which allowed HTTP style name-based virtual servers. However, this feature was deleted in the 09 revision of the draft.

Draft: Securing FTP with TLS

draft-murray-auth-ftp-ssl-06.txt [http] [ftp]
Status: Expires 17 March 2001 Category: Informational
Describes a mechanism for secure authentication based on SSL/TLS (RFC-2246) and the FTP Security Extensions (RFC-2228), modeled after TLS for SMTP (RFC-2487). Uses repsonse code 522 (originally introduced in RFC-2428).

Draft: Protocol Negotiation Extensions to Secure FTP

draft-bonachea-sftp-00.txt [http] [ftp]
Status: Expired January 2000. Category: Informational
Adds refinements for RFC-2228, including a more efficient and secure protocol negotiation in the presence of multiple protocols. Adds one new optional command, DIGT (Protocol Negotiation Digest), and one new response code 538. It defines a legal naming convention for security mechanisms, and lifts the restriction on active outgoing connections only originating from port 20.

Draft: FTP Plus

draft-saul-ftp-plus-00.txt [http] [ftp]
Status: Expired February 2001 Category: Informational
Extends FTP for transferring audio/video files and for network protocol adaptability, It introduces the new XPRT and XPSV commands in the so-called GEN profile. It modifies the STAT, RETR, STOR, and size commands. Several new commands are introduced for the XTP profile: RATE, MCPT, MCPV, MCGC, MCGM, MCGR, MCGS, and a new SITE subcommand, RATE, for bandwidth limiting.

IETF Draft: FTP Authentication Using DSA

draft-ietf-cat-ftpdsaauth-03.txt [http] [ftp]
Status: Expired June 2000 Category: Informational
Updates: RFC-959
Describes a profile for the FTP Security Extensions using the DSA (Digital Signature Algorithm) and the SHA-1 (Secure Hash Standard 1) algorithms.