INDRA Note 754 IEN 100 May 3rd 1979 Comparison of the DIN FTP and the NI FTP C. J. Bennett P. L. Higginson ABSTRACT: This note assesses the DIN FTP proposed for AUTODIN II according to design aims developed in IEN 99. The facilities available in the DIN FTP are compared with those in the NI FTP. 2 The FTP proposed by BBN for AUTODIN II is conceptually closely related to NI FTP. Many of its basic concepts are derived from it, including the fundamental notions of the conceptual file store and parameter negotiation. Many of the attributes used are extensions or restrictions of NI FTP attributes, although the coding is rather different. Thus the approach taken in this note is to view the DIN FTP as an alternative approach to realising the same design aims. The two FTPs are therefore compared according to the design requirements developed in IEN 99. Additionally, where the FTPs differ significantly in the facilities offered to the user, these facilities are compared directly. DIN FTP AND THE NI FTP DESIGN REQUIREMENTS (i) Transport service independence. The DIN FTP makes the following assumptions about the underlying transport service: (a) The transport service will provide a synchronised sequenced stream of octets between the two ends. This is the same as the NI FTP. (b) All recoverable errors are handled by the transport service. (This is by implication, as the point is not explicitly discussed. This is certainly the level of service provided by TCP). As the DIN FTP incorporates all the recovery mechanisms of the NI FTP, this defect can be easily remedied, but as the specification stands it cannot be used above X25 or similar services, which use a transport service RESET involving loss of data. (c) The identity of the host of the connection initiator will be made available by the transport service (as all references to the 'Controlling Host ID' and 'Active Host ID' are by citation). This is of course a reasonable assumption but not a necessary one. For example, the UCL NI FTP project is investigating NI FTP above mapped concatenated virtual calls. In this situation, the only addressing information which could be supplied from a transport service is the address of the last transport protocol convertor. (d) Any implementation using the UserID parameter assumes the transport service will perform authentication actions at all sites involved in the transfer. This assumption is only true of the Secure TCP; hence implementations using this parameter can only be used on AUTODIN II. We will return to the issue of access control below. (ii) Supportable applications. The DIN FTP has removed several options of the NI FTP which are useful in this regard. These include: (a) The ability to mix codes in a file. There are several applications where this is useful, such as job output and graphics. An example of more immediate interest is mixed FAX and text messages. This restriction is arbitrary and could easily be 3 removed from the DIN FTP (though the FileDataType parameter must be redefined to be bit-coded). (b) Knowledge of the output device type. This prevents the DIN FTP from being used in spooling applications. (c) The distinction between selectors and modifiers. This is a property of the conceptual filestore. Its use is not very apparent in the NI FTP as such, but it enables other protocols such as Job Transfer and File Management protocols to be built easily. (Consider the difference between 'Select File with FileName X' and 'Modify (selected) FileName to X'.) The topic of other protocols will be returned to later. (d) The ability to readily trace file transfers in system logs through the Monitor Message parameter. This is particularly useful for error tracing and for following up user complaints. (iii) Operating system independence. The DIN FTP has removed several attributes which will make it difficult to implement it on some operating systems. In particular we note the following NI FTP attributes omitted in the DIN FTP which may cause problems in this regard: (a) Maximum Transfer Size. This refers to the amount of data that will actually be transferred; the Maximum File Size is the size the resultant file may not exceed. The two are conceptually different, and may have different effects. On some systems (eg IBM's OS360, GEC 4080) the Maximum File Size, reserved at file creation time, sets a limit for all eternity, and must cover all anticipated appends. The DIN FTP's MaximumFileSize parameter is in fact a MaximumTransferSize parameter. (b) Filename Password. Files may legitimately be accessed (even on TENEX) by giving an appropriate key without the user being recognised as the owner of that file. Some IBM systems can require a legitimately logged in user to provide an additional file-specific password before access is granted to a file. (c) Account Password. Usernames and Accountnames are conceptually orthogonal. In systems where a 'username' corresponds to a superdirectory shared between many different users, these may distinguished by accounts with a separate level of password protection. An example of this kind of double lock is the superuser mode on UCL's UNIX. The issue here is not one of meeting the peculiarities of particular operating systems. The rationale behind such features of the NI FTP is that they represent different fundamental concepts, and that even though some systems may not find the distinctions important, it was foreseen that some implementations and applications would find them very 4 necessary. Nevertheless, it should be stressed that the NI FTP design group had experience of a wide range of operating systems, most of which are commonly used in the UK. The attributes introduced were all found to be either immediately necessary, or represented areas in which it was felt "escape routes" should be provided. (iv) Extendability. There are two aspects to this question. One is the provision of "escape routes", mentioned above. The NI FTP spec identifies several areas where such escape routes are needed, notably: Access Control (via the 'Account Password', which, as we saw above, can be used to cover secondary levels of protection); File Description (via 'Kinship'); Data coding (via the 'Private Codes' selector); and special processing (via 'Special Options'). With the exception of Private Codes, these are omitted from the DIN FTP. The DIN FTP does provide a 'HostHardwareTypes' escape parameter; this extends a feature which is not supported by NI FTP for reasons discussed below. The second aspect is protocol extension. As discussed above, the NI FTP readily extends to new attributes during the negotiation phase. The inclusion of new data transfer management commands (level 1) is more difficult than with DIN FTP, but the memoryless transfer model means that very few such commands should really be needed. The mechanisms for negotiating sets of protocol extensions (with option sets, relational operators and so on) are very similar in both protocols. (A minor point is that the NI FTP has attempted to bit-encode option selectors and operators. This allows, for example, a natural extension of the protocol to include LT and GT operators.) FACILITIES COMPARISON (i) The three party transfer model. The approach taken by the DIN FTP is not actually incompatible with the NI FTP, and one could quite reasonably implement an NI FTP (or a whole family of implementations) which used a private Controller/Active protocol, with extensions such as 'SourceFile', 'SourceUser', etc, and necessary additional commands such as 'Disconnect'. (ii) Access Control. We have presented above our reasons for believing that the DIN FTP is inadequate as a general-purpose FTP in this regard. The (very strong) access control available on AUTODIN II is transport service specific, and implementations which support it are not portable. Use of this facility will tend to create a "closed community" of FTP implementations. The network-independent attributes provided for access control will not always be sufficient. The three party model used also allows the Active site to inspect the access control parameters issued by the controller for the Passive, which could lead to security problems when authentication is an important issue. (Obviously this cannot happen in a two-party model). Access control is not really an FTP issue. Different systems can choose different methods: source host lists, recall addresses, and password protection are three. An FTP should have hooks for providing 5 information to systems where the access control is password based, but this is simply a channel for contending with one type of access control. The actual requirements for access control are implementation-specific. The argument that single-host ownership of files is a major impediment to distributed file sharing is undeniable, but we feel that it is not the job of an FTP to solve this problem. As and when solutions become available they should be exploited by FTP implementations, but the best that the protocol specification can do is to recognise the existing state of chaos. (iii) The DIN FTP provides formal grades of implementation. The NI FTP is more flexible, as it allows specific implementations to suit their own needs and facilities, and it is only recommended that all implementations support a defined set of defaults, while 'core' DIN FTP attributes are all required. Thus a very specific NI FTP implementation can be built for a specialised device which does not support unnecessary default values. (We at UCL intend to exploit this feature of NI FTP in our FAX project). At a more philosophical level, this reflects the design environments from which the FTPs emerged - the NI FTP is being offered as a basis for standardisation for any group. These cannot be controlled by any central or regulating body; the DIN FTP assumes the more closed and controlled environment of AUTODIN II. (iv) The Data Transfer Protocol. We are unconvinced that the formal separation of a data transfer protocol is a useful extension. As far as the FTP is concerned, it is little different from the NI FTP records during the data transfer phase, but complicates the formatting of NI FTP commands considerably. An NI FTP SFT, as generated by the current TENEX version, may occupy 78 octets complete with headers; with the DTP the equivalent SFT requires 28 sets of headers instead of 2, and occupies 131 octets. (With data segments, the NI FTP is more efficient for records of less than 126 bytes, and the DTP becomes more efficient than NI FTP for records exceeding 189 octets, though the difference is marginal). Where efficiency may become important is in data compression. The NI FTP breakeven point for compression is 3 data bytes; for the DIN FTP it is between 5 and 7 bytes (depending on how many control headers are involved). However, the basic point at issue is whether the DTP is the right place to provide hooks for more sophisticated protocols. We contend that most such protocols (job entry, FAX, graphics, mail etc) will rely on primitives manipulating whole files. Hence the point of departure should be the conceptual file store and the attributes and negotiation mechanisms used to control a file within it. Once this has been accepted, protocols performing other file-based functions can use these common descriptions and mechanisms. (v) Partial File Transfers. This is a useful facility available only in the DIN FTP. The associated abilities to describe file structure as indexed, variable record etc, and to nominate the keylength field length 6 are also useful. The fact that the NI FTP is restricted to sequential files is recognised to be a major limitation. In the NI FTP model, an extension to handle partial file transfer could negotiate the pair of transfer delimiters during the negotiation phase, and transfer a single sequential section of the file during the transfer phase. Thus the feature is supportable by extension, but requires the definition of several new parameters. (vi) Multiple file transfers. Both protocols can readily support multiple file transfers, though the details vary. The NI FTP requires the passive side to be reinitialised each time, which protects against parameter interdependencies persisting between transfers (see (vii) below). Thus the facility becomes a problem for the designer of the user interface. The same remark, of course, apples to multiple partial transfers. (vii) Parameter Negotiation. This is much more formal in DIN FTP than NI FTP. In particular, parameters are explicitly grouped into different commands (Login, TransactionDescription and TransferDescription). The reasons for preserving this distinction beyond the user interface rather than issuing a single SFT, which allows an operating system total freedom to make its own weird assumptions about the relationships of parameters, are unclear. The whole problem of interactions between parameters is potentially very complex, and it was for this reason that the NI FTP design precludes multiple attempts at SFT after a rejection. The parameter settings left from the last transfer, or negotiation attempt, may have undesired consequences on the next. The DIN FTP also allows an attribute to be specified several times within a command, which the NI FTP prohibits (except for one experimental version). The specification uses multiple citations of SourceFileName as the example for this. Since it is not intended that this ability be used to set ranges of restrictions (eg ByteSize ge 8 and le 36 but ne 22), this case seems to be the only possible use outside of statistics collection. (viii) File Management Primitives. The NI FTP group has taken the attitude that file management is the proper function of another (compatible) protocol providing the complete range of facilities and using the same conceptual filestore structure. Hence the NI FTP's file manipulation, as expressed by the Mode of Access attribute, is solely related to copying files. The access modes of NI FTP are all supportable by the DIN FTP, with the exception of 'destructive read'. DIN FTP provides two file management primitives: Delete and ListNames. Delete is, of course, easy to implement. ListNames is a directory interrogation facility, and is primarily useful for obtaining lists of filenames for subsequent multiple file transfer. This is of more limited use with the NI FTP's two-party model than with the DIN FTP's three party model, and can only be used to full advantage where grouped file specification is possible. 7 (ix) Foreground and background mode. In practise, we can see very few differences between them, as all three parties must be involved in the entire negotiation phase. Essentially, the difference is that the Controller/Active and Active/Passive connections do not have to be simultaneously open but can be opened as needed (eg the controller may have to answer a LoginRequest from a passive in background mode) that is, in background mode all three parties retain records of the transaction specification. This is a consequence of the three-party model; in the NI FTP it is a user interface issue and an implementation may be either foreground or background. (x) Host Type. There are two ways this type of parameter can be used. It is clearly useful for a user interface to offer shorthand profiles for various parameter settings. The DIN FTP takes the alternative approach in which the parameter allows transfers between identical systems in efficient ways, but these are not defined within the DIN FTP specification. We do not feel this is desirable, and we question the implied assumption that it is not necessary. Noncommunicating families of FTPs can build up local interpretations for parameters of this sort. When, at a later date, it becomes possible for two such groups to interconnect, the local interpretations will be found to be incompatible. This facility again reflects the fact that the DIN FTP is developed for the AUTODIN II environment; in our opinion, this type of facility should be implemented in the user interface via a profile mechanism in a more open environment. (xi) Format Effectors. All additions made by the DIN FTP to the NI FTP list can be adequately described within that list (with the ANSI Fortran Format setting). The DIN FTP restriction that bits 1, 2 and 4 cannot interact is unnecessary (For example, it is perfectly reasonable to mix imbedded Horizontal Tabs with the reqiuirement that End-of-Record implies end of line). We doubt whether the ability to change format settings during the transmission of data is a capability which will be widely used. In any case, we do not think that there should be a mandatory TextFormatter between records, and feel that the restriction that DTP segments should only contain whole lines is unnecessary. The Tabstops attribute may be a useful idea. As is currently defined, however, it requires the receiver to keep table space for it; we recommend a fixed tab interval that can be changed as an option. This approach could easily be supported by the NI FTP. We note that the NI FTP's earlier breakeven point for compression makes compression an attractive approach to this problem. (xii) Rollback. Extending Rollback to allow the sender to request the receiver to rollback is probably a good idea. However, it is potentially more difficult for the receiver to roll back than it is for the sender as his internal checkpoints may not correspond at all to the FTP's CheckPoints (which are likely to correspond to internal checkpoints of the sender). Hence he may have to keep track of at least a window's worth of FTP checkpoints, whether acknowledged or not. Additionally, he must be able to retrieve the stored data. Some acknowledgement strategies (eg Ack a full window only) will sometimes 8 require the receiver to retain checkpoint information for even longer to avoid races between Rollback from the Donor and CheckPoint Acknowledgement from the Recipient. (xiii) CheckPoints. A 16 bit checkpoint field seems rather large; allowing the checkpoints to be any arbitrary numbers forces implementations to keep tables of unacknowledged checkpoints, which may not be necessary with NI FTP. (xiv) Statistics Parameters. Defining statistics parameters for the active side is a reasonable consequence of the three party model. Standard statistics for the passive side is not so obviously useful; it seems to imply a model whereby statistics are gathered by some central FTP Monitoring Centre, especially as these are required parameters. If true, this is again a reflection of the more closed environment of AUTODIN II. (xv) Binary Mapping. This is a problem area with both protocols, and for much the same reasons. These are: (a) For files where the byte size is less than eight, and bytes are being transferred in packed mode, it is not always possible to tell exactly how many bytes a subrecord contains. The DIN FTP has proposed using a flag pattern as a solution to this problem. (b) One of the reasons for transferring bytes in packed mode for byte sizes of other than eight bits is to allow a 'natural' transfer for systems which do not use eight bit bytes internally. This is largely negated by the fact that the subrecord header is fixed to be an eight bit byte. (c) It has recently become clear that specifying the conceptual transmission order of the bits has introduced a 'handedness' into the protocol. The DIN FTP, which follows the 1822 convention that the high bit is transmitted first, can be regarded as lefthanded, while the NI FTP, which makes the opposite choice (following X25), can be regarded as righthanded. An implementation of one handedness wishing to send aligned data to one of the other (or even across a hardware interface of the other handedness, relative to the internal word) must first permute all octets holding a larger bytesized byte. (Where the transfer is in packed mode, the action is even more complex.) The NI FTP suffers from all three problems; the DIN FTP has adopted a solution to the first. The NI FTP group is studying this area as one in urgent need of revision. SUMMARY The DIN FTP reflects in many ways assumptions about the environment provided by AUTODIN II. It is TCP-dependent to a small extent (and in its Access Control it is Secure TCP dependent). Its set of attributes 9 and choice of commands limit the range of applications it can be used for and the range of operating systems it can be easily implemented on. Several attributes and the formality of the implementation levels reflect a situation where implementation is under a stronger central influence than the NI FTP. All these factors militate against its use in the more open, uncontrolled environment of the worldwide network research community. The two protocols are very closely related. Even some seemingly major differences can be resolved by regarding DIN FTP specification as describing one form of NI FTP implementation (for instance, the three party model, multiple file transfers, and foreground/background modes). Both are significant advances on other FTPs which are currently in use. The DIN FTP offers several extensions to the facilities available in the NI FTP, and some of these (most notably, partial file transfers) are real advances on it. However, where the two offer comparable facilities, we feel the NI FTP is usually to be preferred. The DIN FTP tends to be more restrictive in the use of its facilities, and where it is more free than the NI FTP, it tends to be rather expensive for the implementor to support in terms of the gains achieved. Extensions can easily be made to the NI FTP to include the real improvements which do exist in the DIN FTP.