Re: future SFTP version question

[jason bailey <jbailey%aol.net@localhost>]

Exactly. 

A receipt provides proof that a given file was delivered at a specific
time.

Receipts usually contains information like file name, a
fingerprint(hash), and a time stamp which is then signed by the servers
private key. It's part of a non-repudiation process.

To give an example. I deal with the transfer of data from my companies
production network to a variety of third party organizations. For the
majority of file transfers SFTP fits my needs. However there are
occasions where the data is sensitive enough, or we have some sort of
time based contractual obligation, where it is necessary for us to get a
receipt of transfer.

Right now my options are to go with some heavy weight B2B protocol which
requires a team of engineers and an architect to get set up properly. Or
implement our own solution, which inevitably results in placing some
form of server (of our devising) on another companies network. This
tends to make their network people very antsy.

If I could get a receipt capability into a standard like SFTP. It would
allow me promote SFTP over all the other options. It would make my
management happy, and would make my company dealings with other
companies a lot smoother.

Jason


On Wed, 2004-10-27 at 02:16, Jon Bright wrote:
> Hi,
> 
> jason bailey wrote:
> > Would it be within scope to suggest that a future version of the SFTP
> > server provide a signed receipt of the file transfer(on request)?
> > 
> > This feature, would do much to alleviate a lot of our issues with secure
> > file transfers.
> 
> I'm not in a position to answer your question wrt. scope, but I'm 
> curious as to what exactly the signature would signify?  That the server 
> has definitely received the file at a given time?