RFC 4823, "FTP Transport for Secure Peer-to-Peer Business Data Interchange over the Internet", April 2007

Note: This RFC has been updated by RFC 8996

Errata ID: 6234
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Benjamin Kaduk
Date Reported: 2020-07-23
Verifier Name: Barry Leiba
Date Verified: 2020-08-04

Section 6.1 says:

   the AUTH command described within [4].  While any authentication
   mechanism based upon [4] MAY be utilized, AUTH TLS (as described in
   [18]) MUST be supported. (Note that [18] relies on TLS Version 1.0
   [13], not Version 1.1 [23].)

It should say:

   the AUTH command described within [4].  While any authentication
   mechanism based upon [4] MAY be utilized, AUTH TLS (as described in
   [18]) MUST be supported. (Note that TLS Version 1.1 [23] is the current
   version of TLS, though [18] references the older Version 1.0 [13].)

Notes:

RFC 4217 (reference [18]) does not specifically require TLS version 1.0. It references RFC 2246 (TLS 1.0) solely because that was the only version of TLS specified at the time of its publication. Securing FTP with TLS merely requires a version of TLS, not a specific version of TLS, so this document should refer to the current version of TLS at the time of its own publication.

Note that [13] is listed as a normative reference and [23] an informative reference; in light of the above correction the normative/informative statuses should be swapped.

Report New Errata