Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Ertugrul Soeylemez
December 21, 2006, 9:07 pm
rate this thread
noticing it. And I was wondering all the time, why it won't show up
here. Sorry. =)
firstname.lastname@example.org (Marcus Mender) (06-12-17 12:00:42):
=46rom the client's view, certainly TLS and SSL are more convenient, but
for home user purposes, they probably are overkill. At the moment, SSL
and TLS are essentially the same. TLS (v1) is just a container
protocol, which currently encapsulates SSLv3. It might contain newer,
more secure protocols in the future, so TLS is preferable over SSL.
To make those two protocols as secure as possible, you need to deal with
certificates. Server-side certificates are only half of the story.
They only authenticate the server. So if you want to authenticate the
client cryptographically, you will need client certificates. Not all
client programs support that, and there are even some server programs,
However, if you already have an SSH server with key-based authentication
running, and you have got a client that supports SFTP (which is FTP over
an SSH tunnel), then you're already set. You can continue to use your
normal SSH keys for FTP authentication, which is of course preferable in
=46rom the cryptological perspective, yes. There are minor
cryptographical differences, but all in all, their security is
One major reason to prefer SFTP is its simplicity. Setting up a proper
certificate infrastructure for SSL and TLS may be overkill, and requires
some cryptological skills. This is suitable for large networks with
many users. There it would make sense to create an own certificate
authority (CA), which you can use for more things than just FTP. Users
could use the same certificate to securely authenticate to all services
offered by the network.
The downside of SFTP is that there is no trusted arbitrator (a CA in
SSL/TLS terminology). This is good for small networks, but very bad for
In short: Prefer SFTP for home networks and small companies; prefer
SSL/TLS for large enterprise networks.
- » Cloud Ace Technologies is offering Implementation Services on Cloud Computing, Cloud Serv...
- — Newest thread in » Linux Security