FTP is 50 years old

The 16th of April 1971 is not only the date when the Rolling Stone first released Brown Sugar, it is also marked with the publication of RFC 114 marking the birthday of FTP.

Back in those days, the Vietnam war is at the forefront of the news, TCP/IP didn’t exist yet, Jimi Hendrix died 6 months ago, telnet was the new cool kid and some of the most influential rock n roll artists were about to release masterpieces while FTP was using a network protocol called NCP.

Over the years, the FTP protocol got refined with 16 different revisions(*1) adding support with TCP/IP, a secure extension also known as FTPS which is leveraging the same tech as HTTPS and more recent addition like IPv6 support.

Fifty years after its inception, FTP is still going very strong with millions of FTP server still being exposed on the internet which is fairly amazing considering the bad press it gets from so many people and companies like Dropbox writing on how bad FTP is conflating the protocol to a full-fledge product. Not to mention the closest thing they got to the FTP protocol is their far less shinny proprietary API that is only usable if Dropbox is kind enough to grant you a key.

In 2021, what seems to be acknowledged as progress take the form of proprietary protocols made behind closed doors and without any RFC whatsoever. Instead, vendors wanting to create competing servers are left reverse engineering SDKs as how Minio did with S3.

Also, how could we touch the topic of FTP without pointing at the most infamous comment on hacker news which has been a major inspiration source when creating Filestash. Indeed, I believe it shouldn’t matter which protocol the tool my mum uses my mum’s tool is using, as soon as this tool is easy to use, she can transfer those photos she wants to share, open up videos and do all the other things that shouldn’t require her to know about a protocol as our job as engineers is to abstract away all those complicated stuff so that by the magics of abstraction, someone accessing their bank account from the comfort of their browser isn’t expected to pick a cipher when negotiating SSL.

(*1) FTP over the years:

• RFC 114 (April 1971)
• RFC 697 (July 1975): CWD Command
• RFC 765 (June 1980): TCP/IP
• RFC 959 (October 1985): File Transfer Protocol
• RFC 1579 (February 1994): Firewall-Friendly FTP
• RFC 1635 (May 1994): How to Use Anonymous FTP
• RFC 1639 (June 1994): FTP Operation Over Big Address Records
• RFC 1738 (December 1994): Uniform Resource Locators
• RFC 2228 (October 1997): FTP Security Extensions
• RFC 2389 (August 1998): Feature negotiation mechanism for the File Transfer Protocol
• RFC 2428 (September 1998): Extensions for IPv6, NAT, and Extended passive mode
• RFC 2577 (May 1999): FTP Security Considerations
• RFC 2640 (July 1999): Internationalization of the File Transfer Protocol
• RFC 3659 (March 2007): Extensions to FTP
• RFC 5797 (March 2010): FTP Command and Extension Registry
• RFC 7151 (March 2014): File Transfer Protocol HOST Command for Virtual Hosts