by creshal 3761 days ago
> Also, what MITM attacks are you afraid of with SFTP?

SFTP, like SSH, is "trust on first use". If you don't have some out-of-band mechanism in place to verify the server fingerprint, you're going to have a bad time.

While the CA system isn't perfect, rolling out your own CA to clients is easily automated and verifying certificates from that point on happens automatically.

1 comments

If a client orders SFTP, providing off-band fingerprints is a trivial step.
If that client is a single person, sure. If the client is a 500 person organization where half need access to the server, I can see why people would prefer FTPS with a certificate from their internal CA.
You can do SSH certificates that can sign and revoke keys. For some reason, most people assume TLS when you mention the word certificate. Read the CERTIFICATES section in ssh-keygen(1).
True, but you still need to build your own infrastructure to roll out the CA, vs. X.509, which is implicitly handled by all OSes.
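To make the SSH-certificate suggestion above concrete, here is an added example (not from anyone in this thread) of the ssh-keygen(1) workflow it refers to: create a host CA, sign one host key, pin the CA instead of per-host fingerprints in a client known_hosts file, and revoke the host key with a KRL. The hostname `sftp.example.internal`, the key comments and the working directory are constructed for the demo; the only real tool used is ssh-keygen.

```shell
#!/bin/sh
# Added example: minimal SSH host CA with ssh-keygen. All names are constructed.
set -eu

# Build a CA, a host key, a signed host certificate, a CA-pinning known_hosts
# line and a KRL inside directory $1.
ssh_ca_demo() {
    dir=$1
    mkdir -p "$dir"
    # 1. CA key pair. Only host_ca.pub is ever distributed to clients.
    ssh-keygen -q -t ed25519 -N '' -C 'demo host CA' -f "$dir/host_ca"
    # 2. Host key pair, as sshd would generate it on the server.
    ssh-keygen -q -t ed25519 -N '' -C 'demo host key' -f "$dir/ssh_host_ed25519_key"
    # 3. Sign the host key: -h = host certificate, -I = certificate identity,
    #    -n = principals (hostnames) the cert is valid for, -V = validity window.
    #    Output lands in ssh_host_ed25519_key-cert.pub.
    ssh-keygen -q -s "$dir/host_ca" -h -I 'sftp.example.internal' \
        -n 'sftp.example.internal' -V '+52w' "$dir/ssh_host_ed25519_key.pub"
    # 4. Client side: one @cert-authority line replaces a fingerprint per host.
    #    Any host in *.example.internal presenting a cert from this CA is trusted.
    printf '@cert-authority *.example.internal %s\n' \
        "$(cut -d' ' -f1,2 "$dir/host_ca.pub")" > "$dir/known_hosts"
    # 5. Revocation: a KRL naming the host key. Clients consult it through the
    #    RevokedHostKeys option in ssh_config.
    ssh-keygen -q -k -f "$dir/revoked.krl" "$dir/ssh_host_ed25519_key.pub"
}

# Return 0 when the certificate ($1) reports the CA key ($2) as its signer,
# comparing the "Signing CA" fingerprint from -L with the CA's own fingerprint.
cert_signed_by() {
    ca_fp=$(ssh-keygen -l -f "$2" | awk '{print $2}')
    signer_fp=$(ssh-keygen -L -f "$1" | awk '/Signing CA/ {print $4}')
    [ -n "$ca_fp" ] && [ "$ca_fp" = "$signer_fp" ]
}

# Return 0 when key ($2) is listed in KRL ($1); ssh-keygen -Q exits non-zero
# for a revoked key, which is exactly the signal a client would act on.
host_key_revoked() {
    ! ssh-keygen -Q -f "$1" "$2" >/dev/null
}

# Stand-alone run: build everything in a scratch directory and show the result.
if command -v ssh-keygen >/dev/null 2>&1; then
    work=$(mktemp -d)
    ssh_ca_demo "$work"
    ssh-keygen -L -f "$work/ssh_host_ed25519_key-cert.pub"
    cat "$work/known_hosts"
fi
```

The rollout cost the last reply mentions is visible in step 4: that single known_hosts line (plus the KRL) is what has to reach every client, which is the part X.509 gets for free from the OS trust store.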