Cezar Mocan


[Critical Communications] FTP

05 Apr 2020

Posted under: Critical Communications; ITP;

Upon doing a round of research on communication protocols in the wild, as well as on a few personal interests (FM radio, which I had done a project with last semester; telnet, which is so old but still around; or the Spanning Tree Protocol, an early network routing protocol developed by a woman pioneer of computer science, Radia Perlman), I ended up choosing FTP, the File Transfer Protocol. I chose it mostly for nostalgic reasons. When I started using the internet in the early 2000s, I used to encounter sites served over ftp:// relatively often. Their visibility (and numbers) have been diminishing since, to the point where it took me a reasonable amount of research simply to find one today. As the internet evolves, FTP will likely remain relevant for historical purposes, but its practical uses will be completely obsolete.

The creation of FTP dates back to 1971. Developed by Abhay Bhushan while he was a student at MIT, the initial version of the protocol was published as IETF Request For Comments (RFC) 114 and pre-dates TCP/IP (!!!). This proposal describes a mechanism for “indirect computer usage over a network” – an abstraction which allows a user to interact with a remote computer over the network without needing to log into the remote host or be familiar with its command line interface. A number of RFCs improved upon the initial specification over the next few years (RFC 172, RFC 265, RFC 542, etc.), all assuming the operation of this protocol on top of a TCP predecessor, NCP. In June 1980, after almost 10 years of existence, the protocol took the shape of RFC 765, File Transfer Protocol Specification, which describes FTP communication over TCP. Another five years later, the protocol was revised and extended through RFC 959, which still serves as the base FTP protocol spec. Further feature and security improvements have been published since. All this is to say that the development of this protocol has gone hand in hand with that of many other low-level protocols which comprise the internet as we know it today, under the same institutional umbrella – U.S. universities or research institutions, with funding from the government or military.

From a technical point of view, the protocol sits at the Application Layer of the internet protocol suite, similarly to HTTP, DNS or SSH. This means the protocol builds on top of TCP and the guarantees it offers: reliable and ordered message delivery between IP connected machines. The main goals of the protocol are data retrieval and transfer, and the commands specified in RFC 959 reflect that: RETRIEVE (RETR) and STORE (STOR) are the first ones to be listed, followed by another 20 or so commands which can manipulate the server’s file system or offer information about the service.

The RFC also describes the anatomy of an FTP connection between two machines as involving two communication lines: a control connection and a data connection. The control connection is used for sending commands between the two machines (usually on port 21). Upon establishing the control connection, the two machines agree on another set of ports for the data connection, which is where file transfers actually occur. The control connection between the two computers stays open for as long as needed, which is one of the main differences from the HTTP protocol – HTTP connections open when requests are made, and close once the data is sent, over a single line of communication.

Since the design dates almost 50 years back, FTP performs file transfers in plain text, making it vulnerable from a security point of view. While the protocol specifies a mechanism for authentication, the username and password are also communicated without employing any encryption mechanisms. Secure FTP extensions were created in the mid-to-late 1990s in order to address the security concern, the most important ones being FTPS (FTP over SSL, just like HTTPS) and SFTP (FTP over an SSH tunnel).
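As an added example (not code from the original post), here is a small Python audit of a recorded control connection. It shows what the two paragraphs above mean for anyone who can read port 21 traffic: the login is visible, and the RFC 959 passive-mode reply (code 227, address and port as six comma-separated bytes) announces where the data connection will open. The transcript, host name and the function name `audit_control_channel` are constructed for illustration; reply code 234 is the server accepting an `AUTH TLS` upgrade (FTPS).

```python
import re

# Constructed sample of an FTP control connection (port 21) as a passive
# network monitor would record it. "C:" is the client, "S:" the server.
SAMPLE_SESSION = """\
S: 220 ftp.example.test ready
C: USER alice
S: 331 Password required
C: PASS not-a-real-password
S: 230 Logged in
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80)
C: RETR notes.txt
"""

# RFC 959 passive reply: four address bytes, then the port as two bytes.
PASV_REPLY = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def audit_control_channel(transcript):
    """Summarise what one readable control connection exposes."""
    report = {"tls_upgraded": False, "cleartext_logins": [],
              "data_endpoints": [], "transfers": []}
    user = None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "S":
            if text.startswith("234"):      # server accepted AUTH TLS (FTPS)
                report["tls_upgraded"] = True
            m = PASV_REPLY.match(text)
            if m:
                *host, p_hi, p_lo = m.groups()
                port = int(p_hi) * 256 + int(p_lo)
                report["data_endpoints"].append((".".join(host), port))
            continue
        verb, _, arg = text.partition(" ")
        verb = verb.upper()                 # FTP commands are case-insensitive
        if verb == "USER":
            user = arg
        elif verb == "PASS" and not report["tls_upgraded"]:
            # Record that a password crossed the wire; never store its value.
            report["cleartext_logins"].append(user)
        elif verb in ("RETR", "STOR"):
            report["transfers"].append((verb, arg))
    return report


if __name__ == "__main__":
    print(audit_control_channel(SAMPLE_SESSION))
```

On an FTPS session a monitor sees only the `AUTH TLS` request and the 234 reply before the channel goes opaque, so the report then lists no logins, endpoints or transfers.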

Since I started going down the rabbit hole in order to hopefully find some forgotten corners of the internet, I started searching for active FTP sites. I learned that FTP search engines exist and were (and are) used in similar ways to regular WWW search engines. MAMONT is one that still works, and it sent me to a lovely window into 2005 and the largest collection of FAQs I have seen in my entire life. It made me remember the early internet browsing experience, and made me sad that major internet browsers are considering dropping support for FTP.