Movatterモバイル変換

Network Working Group                                            E. LearRequest for Comments: 3617                                 Cisco SystemsCategory: Informational                                     October 2003Uniform Resource Identifier (URI) Scheme andApplicability Statement for theTrivial File Transfer Protocol (TFTP)Status of this Memo   This memo provides information for the Internet community.  It does   not specify an Internet standard of any kind.  Distribution of this   memo is unlimited.Copyright Notice   Copyright (C) The Internet Society (2003).  All Rights Reserved.Abstract   The Trivial File Transfer Protocol (TFTP) is a very simple TRIVIAL   protocol that has been in use on the Internet for quite a long time.   While this document discourages its continued use, largely due to   security concerns, we do define a Uniform Resource Identifier (URI)   scheme, as well as discuss the protocol's applicability.1.  Introduction   The Trivial File Transfer Protocol (TFTP) has been around for quite   some time.  Its common uses are to initially configure devices or to   load new versions of operating system code [1].  As devices begin to   adopt use of Uniform Resource Identifiers (URIs) and Uniform Resource   Locators (URLs), for completeness we specify a way to reference files   that is still quite common.  Use of a URI is a convenient way to   indicate underlying mechanism, server name or address, and file name.   WHILE WE DEFINE THE TFTP URI TYPE, WE STRONGLY RECOMMEND AGAINST THE   CONTINUED USE OF TFTP, FOR REASONS LISTED INSECTION 5 (amongst   others).  The definition of a URI merely allows tools that currently   use protocols such as TFTP to have a standard name space and   structure where one can understand the process used to resolve that   name.  Indeed it is hoped that the definition of this URI will ease   transition to modern file transfer mechanisms.Lear                         Informational                      [Page 1]

RFC 3617                  URI Scheme for TFTP               October 20032.  Syntax of a TFTP URI   A TFTP URI has the following ABNF syntax [2]:   tftpURI         = "tftp://" host "/" file [ mode ]   mode            = ";"  "mode=" ( "netascii" / "octet" )   file            = *( unreserved / escaped )   host            = <as specified byRFC 2732 [3]>   unreserved      = <as specified inRFC 2396 [4]>   escaped         = <as specified inRFC 2396>   A TFTP URI specifies a file that is to be found or placed on a TFTP   server.  The "mode" option is an option indicating how the file is to   be transferred.  If left unspecified, the mode is assumed to be   "octet".  A third "mail" mode was deprecated at the timeRFC 1350 was   adopted, and is not specified.2.1.  Encoding Rules   Aside from syntax as described above, the TFTP protocol does not   specify length limits to either file names or file sizes.  In the   case of file names, they may contain any character so long as those   characters are properly escaped as described above.3.  Semantics and Operations   As previously stated the TFTP URI is a reference to a file.  The   allowed operations on a TFTP URI are read and write.  When a TFTP URI   is read the underlying mechanisms retrieve the named file via the   TFTP protocol from the specified host with the optionally specified   mode.  When a TFTP URI is written the underlying mechanisms transmit   a file via TFTP to a specified server to either the specified file   using the optionally specified mode.  No other operations are   supported.   Note that it is not possible to retrieve file size information prior   to retrieval, nor is it possible to determine file existence or   permissions prior to transfer.  Files transferred may or may not   arrive intact, as there is no guarantee of reliability or even   completeness.  See the TFTP standard for more details.  For more   robust file transfer, consider using either FTP or HTTP [5,6].Lear                         Informational                      [Page 2]

RFC 3617                  URI Scheme for TFTP               October 20034. Examples      tftp://example.com/myconfigurationfile;mode=netascii   This example references file "myconfigurationfile" on server   "example.com" and requests that the transfer occur in netascii mode.      tftp://example.com/mystartupfile   This file references file "mystartupfile" on server "example.com".   The transfer should occur in octet mode, since no other mode was   specified.5.  Security Considerations and Concerns about TFTP's use   Use of TFTP has been historically limited to those devices where a   more full protocol stack is impractical due to either memory or CPU   constraints.  While this still may be the case with a toaster, it is   unlikely to be the case for even the simplest piece of network   support hardware, such as simple routers or switches.  There are a   myriad of reasons to use some protocol other than TFTP, only a few of   which are listed below.   TFTP has no mechanism for access control within the protocol, and   there is no protection from a man in the middle attack.   Implementations are left to their own devices in this area.  Because   TFTP has no way to determine file sizes in advance, implementations   should be prepared to properly check the bounds of transfers so that   neither memory nor disk limitations are exceeded.   TFTP is not well suited to large files for the following reasons.   TFTP has no inherent integrity check.  There is no way to determine   what one side sent is what the other received.  There is no way to   restart TFTP transfers from anywhere other than the beginning.  TFTP   is a lock step protocol.  Only one packet may be in flight at any one   time.  There is no slow start or smart backoff mechanism in TFTP, but   very simple timeouts.   TFTP is not well suited to file transfers across administrative   domains.  For one thing, TFTP utilizes UDP, and many NATs will not   either support or allow TFTP transfers.  More likely firewalls will   prohibit transfers.   There are no caching semantics within TFTP.  There is no safe way to   cache information using the TFTP protocol.Lear                         Informational                      [Page 3]

RFC 3617                  URI Scheme for TFTP               October 2003   In summary, use of TFTP is strongly discouraged except in the most   limited of circumstances where memory and CPU are at the highest   premium.6.  IANA Considerations   The IANA has registered the URL registration template found inAppendix A in accordance withRFC 2717 [7].7.  Acknowledgments   The author thanks Larry Masinter, Randy Presuhn, Phil Schafer, and   Bill Fenner for their help in developing this document.8.  Intellectual Property Statement   The IETF takes no position regarding the validity or scope of any   intellectual property or other rights that might be claimed to   pertain to the implementation or use of the technology described in   this document or the extent to which any license under such rights   might or might not be available; neither does it represent that it   has made any effort to identify any such rights.  Information on the   IETF's procedures with respect to rights in standards-track and   standards-related documentation can be found inBCP-11.  Copies of   claims of rights made available for publication and any assurances of   licenses to be made available, or the result of an attempt made to   obtain a general license or permission for the use of such   proprietary rights by implementors or users of this specification can   be obtained from the IETF Secretariat.   The IETF invites any interested party to bring to its attention any   copyrights, patents or patent applications, or other proprietary   rights which may cover technology that may be required to practice   this standard.  Please address the information to the IETF Executive   Director.Lear                         Informational                      [Page 4]

RFC 3617                  URI Scheme for TFTP               October 2003Appendix A. Registration Template   URL scheme name: tftp   URL scheme syntax:Section 2   Character encoding considerations:Section 2   Intended usage:Section 1   Applications and/or protocols which use this scheme: [1]   Interoperability considerations: None   Security considerations:Section 5   Relevant publications: [1]   Contact: The author,Section 8   Author/Change Controller: IESGLear                         Informational                      [Page 5]

RFC 3617                  URI Scheme for TFTP               October 2003References   [1]  Sollins, K., "The TFTP Protocol (Revision 2)", STD 33,RFC 1350,        July 1992.   [2]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax        Specifications: ABNF",RFC 2234, November 1997.   [3]  Hinden, R., Carpenter, B. and L. Masinter, "Format for Literal        IPv6 Addresses in URL's",RFC 2732, December 1999.   [4]  Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource        Identifiers (URI): Generic Syntax",RFC 2396, August 1998.   [5]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,        Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol --        HTTP/1.1",RFC 2616, June 1999.   [6]  Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9,RFC 959, October 1985.   [7]  Petke, R. and I. King, "Registration Procedures for URL Scheme        Names",BCP 35,RFC 2717, November 1999.Author's Address   Eliot Lear   Cisco Systems, Inc.   170 W. Tasman Dr.   San Jose, CA 95134-1706   Phone: +1 (408) 527 4020   EMail: lear@cisco.comLear                         Informational                      [Page 6]

RFC 3617                  URI Scheme for TFTP               October 2003Full Copyright Statement   Copyright (C) The Internet Society (2003).  All Rights Reserved.   This document and translations of it may be copied and furnished to   others, and derivative works that comment on or otherwise explain it   or assist in its implementation may be prepared, copied, published   and distributed, in whole or in part, without restriction of any   kind, provided that the above copyright notice and this paragraph are   included on all such copies and derivative works.  However, this   document itself may not be modified in any way, such as by removing   the copyright notice or references to the Internet Society or other   Internet organizations, except as needed for the purpose of   developing Internet standards in which case the procedures for   copyrights defined in the Internet Standards process must be   followed, or as required to translate it into languages other than   English.   The limited permissions granted above are perpetual and will not be   revoked by the Internet Society or its successors or assignees.   This document and the information contained herein is provided on an   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.Acknowledgement   Funding for the RFC Editor function is currently provided by the   Internet Society.Lear                         Informational                      [Page 7]