INDRA Note 754
IEN 100
May 3rd 1979
Comparison of the DIN FTP and the NI FTP
C. J. Bennett
P. L. Higginson
ABSTRACT: This note assesses the DIN FTP
proposed for AUTODIN II according to
design aims developed in IEN 99. The
facilities available in the DIN FTP are
compared with those in the NI FTP.
2
The FTP proposed by BBN for AUTODIN II is conceptually closely
related to NI FTP. Many of its basic concepts are derived from it,
including the fundamental notions of the conceptual file store and
parameter negotiation. Many of the attributes used are extensions or
restrictions of NI FTP attributes, although the coding is rather
different. Thus the approach taken in this note is to view the DIN FTP
as an alternative approach to realising the same design aims. The two
FTPs are therefore compared according to the design requirements
developed in IEN 99. Additionally, where the FTPs differ significantly
in the facilities offered to the user, these facilities are compared
directly.
DIN FTP AND THE NI FTP DESIGN REQUIREMENTS
(i) Transport service independence. The DIN FTP makes the following
assumptions about the underlying transport service:
(a) The transport service will provide a synchronised sequenced
stream of octets between the two ends. This is the same as the NI
FTP.
(b) All recoverable errors are handled by the transport service.
(This is by implication, as the point is not explicitly discussed.
This is certainly the level of service provided by TCP). As the
DIN FTP incorporates all the recovery mechanisms of the NI FTP,
this defect can be easily remedied, but as the specification stands
it cannot be used above X25 or similar services, which use a
transport service RESET involving loss of data.
(c) The identity of the host of the connection initiator will be
made available by the transport service (as all references to the
'Controlling Host ID' and 'Active Host ID' are by citation). This
is of course a reasonable assumption but not a necessary one. For
example, the UCL NI FTP project is investigating NI FTP above
mapped concatenated virtual calls. In this situation, the only
addressing information which could be supplied from a transport
service is the address of the last transport protocol convertor.
(d) Any implementation using the UserID parameter assumes the
transport service will perform authentication actions at all sites
involved in the transfer. This assumption is only true of the
Secure TCP; hence implementations using this parameter can only be
used on AUTODIN II. We will return to the issue of access control
below.
(ii) Supportable applications. The DIN FTP has removed several options
of the NI FTP which are useful in this regard. These include:
(a) The ability to mix codes in a file. There are several
applications where this is useful, such as job output and graphics.
An example of more immediate interest is mixed FAX and text
messages. This restriction is arbitrary and could easily be
3
removed from the DIN FTP (though the FileDataType parameter must be
redefined to be bit-coded).
(b) Knowledge of the output device type. This prevents the DIN FTP
from being used in spooling applications.
(c) The distinction between selectors and modifiers. This is a
property of the conceptual filestore. Its use is not very apparent
in the NI FTP as such, but it enables other protocols such as Job
Transfer and File Management protocols to be built easily.
(Consider the difference between 'Select File with FileName X' and
'Modify (selected) FileName to X'.) The topic of other protocols
will be returned to later.
(d) The ability to readily trace file transfers in system logs
through the Monitor Message parameter. This is particularly useful
for error tracing and for following up user complaints.
(iii) Operating system independence. The DIN FTP has removed several
attributes which will make it difficult to implement it on some
operating systems. In particular we note the following NI FTP
attributes omitted in the DIN FTP which may cause problems in this
regard:
(a) Maximum Transfer Size. This refers to the amount of data that
will actually be transferred; the Maximum File Size is the size the
resultant file may not exceed. The two are conceptually different,
and may have different effects. On some systems (eg IBM's OS360,
GEC 4080) the Maximum File Size, reserved at file creation time,
sets a limit for all eternity, and must cover all anticipated
appends. The DIN FTP's MaximumFileSize parameter is in fact a
MaximumTransferSize parameter.
(b) Filename Password. Files may legitimately be accessed (even on
TENEX) by giving an appropriate key without the user being
recognised as the owner of that file. Some IBM systems can require
a legitimately logged in user to provide an additional
file-specific password before access is granted to a file.
(c) Account Password. Usernames and Accountnames are conceptually
orthogonal. In systems where a 'username' corresponds to a
superdirectory shared between many different users, these may
distinguished by accounts with a separate level of password
protection. An example of this kind of double lock is the
superuser mode on UCL's UNIX.
The issue here is not one of meeting the peculiarities of particular
operating systems. The rationale behind such features of the NI FTP is
that they represent different fundamental concepts, and that even though
some systems may not find the distinctions important, it was foreseen
that some implementations and applications would find them very
4
necessary. Nevertheless, it should be stressed that the NI FTP design
group had experience of a wide range of operating systems, most of which
are commonly used in the UK. The attributes introduced were all found
to be either immediately necessary, or represented areas in which it was
felt "escape routes" should be provided.
(iv) Extendability. There are two aspects to this question. One is the
provision of "escape routes", mentioned above. The NI FTP spec
identifies several areas where such escape routes are needed, notably:
Access Control (via the 'Account Password', which, as we saw above, can
be used to cover secondary levels of protection); File Description (via
'Kinship'); Data coding (via the 'Private Codes' selector); and special
processing (via 'Special Options'). With the exception of Private
Codes, these are omitted from the DIN FTP. The DIN FTP does provide a
'HostHardwareTypes' escape parameter; this extends a feature which is
not supported by NI FTP for reasons discussed below.
The second aspect is protocol extension. As discussed above, the NI FTP
readily extends to new attributes during the negotiation phase. The
inclusion of new data transfer management commands (level 1) is more
difficult than with DIN FTP, but the memoryless transfer model means
that very few such commands should really be needed. The mechanisms for
negotiating sets of protocol extensions (with option sets, relational
operators and so on) are very similar in both protocols. (A minor point
is that the NI FTP has attempted to bit-encode option selectors and
operators. This allows, for example, a natural extension of the
protocol to include LT and GT operators.)
FACILITIES COMPARISON
(i) The three party transfer model. The approach taken by the DIN FTP
is not actually incompatible with the NI FTP, and one could quite
reasonably implement an NI FTP (or a whole family of implementations)
which used a private Controller/Active protocol, with extensions such as
'SourceFile', 'SourceUser', etc, and necessary additional commands such
as 'Disconnect'.
(ii) Access Control. We have presented above our reasons for believing
that the DIN FTP is inadequate as a general-purpose FTP in this regard.
The (very strong) access control available on AUTODIN II is transport
service specific, and implementations which support it are not portable.
Use of this facility will tend to create a "closed community" of FTP
implementations. The network-independent attributes provided for access
control will not always be sufficient. The three party model used also
allows the Active site to inspect the access control parameters issued
by the controller for the Passive, which could lead to security problems
when authentication is an important issue. (Obviously this cannot
happen in a two-party model).
Access control is not really an FTP issue. Different systems can choose
different methods: source host lists, recall addresses, and password
protection are three. An FTP should have hooks for providing
5
information to systems where the access control is password based, but
this is simply a channel for contending with one type of access control.
The actual requirements for access control are implementation-specific.
The argument that single-host ownership of files is a major impediment
to distributed file sharing is undeniable, but we feel that it is not
the job of an FTP to solve this problem. As and when solutions become
available they should be exploited by FTP implementations, but the best
that the protocol specification can do is to recognise the existing
state of chaos.
(iii) The DIN FTP provides formal grades of implementation. The NI FTP
is more flexible, as it allows specific implementations to suit their
own needs and facilities, and it is only recommended that all
implementations support a defined set of defaults, while 'core' DIN FTP
attributes are all required. Thus a very specific NI FTP implementation
can be built for a specialised device which does not support unnecessary
default values. (We at UCL intend to exploit this feature of NI FTP in
our FAX project).
At a more philosophical level, this reflects the design environments
from which the FTPs emerged - the NI FTP is being offered as a basis for
standardisation for any group. These cannot be controlled by any
central or regulating body; the DIN FTP assumes the more closed and
controlled environment of AUTODIN II.
(iv) The Data Transfer Protocol. We are unconvinced that the formal
separation of a data transfer protocol is a useful extension. As far as
the FTP is concerned, it is little different from the NI FTP records
during the data transfer phase, but complicates the formatting of NI FTP
commands considerably. An NI FTP SFT, as generated by the current TENEX
version, may occupy 78 octets complete with headers; with the DTP the
equivalent SFT requires 28 sets of headers instead of 2, and occupies
131 octets. (With data segments, the NI FTP is more efficient for
records of less than 126 bytes, and the DTP becomes more efficient than
NI FTP for records exceeding 189 octets, though the difference is
marginal). Where efficiency may become important is in data
compression. The NI FTP breakeven point for compression is 3 data
bytes; for the DIN FTP it is between 5 and 7 bytes (depending on how
many control headers are involved).
However, the basic point at issue is whether the DTP is the right place
to provide hooks for more sophisticated protocols. We contend that most
such protocols (job entry, FAX, graphics, mail etc) will rely on
primitives manipulating whole files. Hence the point of departure
should be the conceptual file store and the attributes and negotiation
mechanisms used to control a file within it. Once this has been
accepted, protocols performing other file-based functions can use these
common descriptions and mechanisms.
(v) Partial File Transfers. This is a useful facility available only in
the DIN FTP. The associated abilities to describe file structure as
indexed, variable record etc, and to nominate the keylength field length
6
are also useful. The fact that the NI FTP is restricted to sequential
files is recognised to be a major limitation. In the NI FTP model, an
extension to handle partial file transfer could negotiate the pair of
transfer delimiters during the negotiation phase, and transfer a single
sequential section of the file during the transfer phase. Thus the
feature is supportable by extension, but requires the definition of
several new parameters.
(vi) Multiple file transfers. Both protocols can readily support
multiple file transfers, though the details vary. The NI FTP requires
the passive side to be reinitialised each time, which protects against
parameter interdependencies persisting between transfers (see (vii)
below). Thus the facility becomes a problem for the designer of the
user interface. The same remark, of course, apples to multiple partial
transfers.
(vii) Parameter Negotiation. This is much more formal in DIN FTP than
NI FTP. In particular, parameters are explicitly grouped into different
commands (Login, TransactionDescription and TransferDescription). The
reasons for preserving this distinction beyond the user interface rather
than issuing a single SFT, which allows an operating system total
freedom to make its own weird assumptions about the relationships of
parameters, are unclear.
The whole problem of interactions between parameters is potentially very
complex, and it was for this reason that the NI FTP design precludes
multiple attempts at SFT after a rejection. The parameter settings left
from the last transfer, or negotiation attempt, may have undesired
consequences on the next.
The DIN FTP also allows an attribute to be specified several times
within a command, which the NI FTP prohibits (except for one
experimental version). The specification uses multiple citations of
SourceFileName as the example for this. Since it is not intended that
this ability be used to set ranges of restrictions (eg ByteSize ge 8 and
le 36 but ne 22), this case seems to be the only possible use outside of
statistics collection.
(viii) File Management Primitives. The NI FTP group has taken the
attitude that file management is the proper function of another
(compatible) protocol providing the complete range of facilities and
using the same conceptual filestore structure. Hence the NI FTP's file
manipulation, as expressed by the Mode of Access attribute, is solely
related to copying files. The access modes of NI FTP are all
supportable by the DIN FTP, with the exception of 'destructive read'.
DIN FTP provides two file management primitives: Delete and ListNames.
Delete is, of course, easy to implement. ListNames is a directory
interrogation facility, and is primarily useful for obtaining lists of
filenames for subsequent multiple file transfer. This is of more
limited use with the NI FTP's two-party model than with the DIN FTP's
three party model, and can only be used to full advantage where grouped
file specification is possible.
7
(ix) Foreground and background mode. In practise, we can see very few
differences between them, as all three parties must be involved in the
entire negotiation phase. Essentially, the difference is that the
Controller/Active and Active/Passive connections do not have to be
simultaneously open but can be opened as needed (eg the controller may
have to answer a LoginRequest from a passive in background mode) that
is, in background mode all three parties retain records of the
transaction specification. This is a consequence of the three-party
model; in the NI FTP it is a user interface issue and an implementation
may be either foreground or background.
(x) Host Type. There are two ways this type of parameter can be used.
It is clearly useful for a user interface to offer shorthand profiles
for various parameter settings. The DIN FTP takes the alternative
approach in which the parameter allows transfers between identical
systems in efficient ways, but these are not defined within the DIN FTP
specification. We do not feel this is desirable, and we question the
implied assumption that it is not necessary. Noncommunicating families
of FTPs can build up local interpretations for parameters of this sort.
When, at a later date, it becomes possible for two such groups to
interconnect, the local interpretations will be found to be
incompatible. This facility again reflects the fact that the DIN FTP is
developed for the AUTODIN II environment; in our opinion, this type of
facility should be implemented in the user interface via a profile
mechanism in a more open environment.
(xi) Format Effectors. All additions made by the DIN FTP to the NI FTP
list can be adequately described within that list (with the ANSI Fortran
Format setting). The DIN FTP restriction that bits 1, 2 and 4 cannot
interact is unnecessary (For example, it is perfectly reasonable to mix
imbedded Horizontal Tabs with the reqiuirement that End-of-Record
implies end of line). We doubt whether the ability to change format
settings during the transmission of data is a capability which will be
widely used. In any case, we do not think that there should be a
mandatory TextFormatter between records, and feel that the restriction
that DTP segments should only contain whole lines is unnecessary. The
Tabstops attribute may be a useful idea. As is currently defined,
however, it requires the receiver to keep table space for it; we
recommend a fixed tab interval that can be changed as an option. This
approach could easily be supported by the NI FTP. We note that the NI
FTP's earlier breakeven point for compression makes compression an
attractive approach to this problem.
(xii) Rollback. Extending Rollback to allow the sender to request the
receiver to rollback is probably a good idea. However, it is
potentially more difficult for the receiver to roll back than it is for
the sender as his internal checkpoints may not correspond at all to the
FTP's CheckPoints (which are likely to correspond to internal
checkpoints of the sender). Hence he may have to keep track of at least
a window's worth of FTP checkpoints, whether acknowledged or not.
Additionally, he must be able to retrieve the stored data. Some
acknowledgement strategies (eg Ack a full window only) will sometimes
8
require the receiver to retain checkpoint information for even longer to
avoid races between Rollback from the Donor and CheckPoint
Acknowledgement from the Recipient.
(xiii) CheckPoints. A 16 bit checkpoint field seems rather large;
allowing the checkpoints to be any arbitrary numbers forces
implementations to keep tables of unacknowledged checkpoints, which may
not be necessary with NI FTP.
(xiv) Statistics Parameters. Defining statistics parameters for the
active side is a reasonable consequence of the three party model.
Standard statistics for the passive side is not so obviously useful; it
seems to imply a model whereby statistics are gathered by some central
FTP Monitoring Centre, especially as these are required parameters. If
true, this is again a reflection of the more closed environment of
AUTODIN II.
(xv) Binary Mapping. This is a problem area with both protocols, and
for much the same reasons. These are:
(a) For files where the byte size is less than eight, and bytes are
being transferred in packed mode, it is not always possible to tell
exactly how many bytes a subrecord contains. The DIN FTP has
proposed using a flag pattern as a solution to this problem.
(b) One of the reasons for transferring bytes in packed mode for
byte sizes of other than eight bits is to allow a 'natural'
transfer for systems which do not use eight bit bytes internally.
This is largely negated by the fact that the subrecord header is
fixed to be an eight bit byte.
(c) It has recently become clear that specifying the conceptual
transmission order of the bits has introduced a 'handedness' into
the protocol. The DIN FTP, which follows the 1822 convention that
the high bit is transmitted first, can be regarded as lefthanded,
while the NI FTP, which makes the opposite choice (following X25),
can be regarded as righthanded. An implementation of one
handedness wishing to send aligned data to one of the other (or
even across a hardware interface of the other handedness, relative
to the internal word) must first permute all octets holding a
larger bytesized byte. (Where the transfer is in packed mode, the
action is even more complex.)
The NI FTP suffers from all three problems; the DIN FTP has adopted a
solution to the first. The NI FTP group is studying this area as one in
urgent need of revision.
SUMMARY
The DIN FTP reflects in many ways assumptions about the environment
provided by AUTODIN II. It is TCP-dependent to a small extent (and in
its Access Control it is Secure TCP dependent). Its set of attributes
9
and choice of commands limit the range of applications it can be used
for and the range of operating systems it can be easily implemented on.
Several attributes and the formality of the implementation levels
reflect a situation where implementation is under a stronger central
influence than the NI FTP. All these factors militate against its use
in the more open, uncontrolled environment of the worldwide network
research community.
The two protocols are very closely related. Even some seemingly
major differences can be resolved by regarding DIN FTP specification as
describing one form of NI FTP implementation (for instance, the three
party model, multiple file transfers, and foreground/background modes).
Both are significant advances on other FTPs which are currently in use.
The DIN FTP offers several extensions to the facilities available in the
NI FTP, and some of these (most notably, partial file transfers) are
real advances on it. However, where the two offer comparable
facilities, we feel the NI FTP is usually to be preferred. The DIN FTP
tends to be more restrictive in the use of its facilities, and where it
is more free than the NI FTP, it tends to be rather expensive for the
implementor to support in terms of the gains achieved. Extensions can
easily be made to the NI FTP to include the real improvements which do
exist in the DIN FTP.