RE: future SFTP version question

[jason bailey <jbailey%aol.net@localhost>]

You've made some very good points.

Initially I had considered a flag for the transfer which would result in
a returned RECEIPT rather then a STATUS.

However, given your observations,and reviewing what I am looking for I
see no problem with it being an extension to the protocol. 

I'm not certain that it is, as you put it, orthogonal to the current
functionality. There already appears to be an existing extension to
support a hashing of a file to verify the contents.

In my mind I see this as very similar. We are merely verifying the
contents and that it is on a particular server at a given time.

Jason


On Wed, 2004-10-27 at 09:54, denis bider wrote:
> Technically speaking, an extension to the SFTP protocol could be
implemented
> in which the server would testify (with a digital signature) that a
file of
> a certain name, attributes and contents existed on the server at a
certain
> time.
> 
> Whether or not this file was uploaded entirely by a certain user would
be a
> more complex challenge because SFTP has no such concept as "uploading"
or
> "downloading" a whole file. You have random access and you can pretty
much
> scratch anywhere you want in the remote filesystem.
> 
> An extension that would produce a certificate of a file's existence at
a
> certain time would be fairly straightforward. Provide an extension
request
> type for requesting the certificate, and define the contents of a
receipt.
> 
> If providing a certificate of the file's existence on the server is
> insufficient, and you must really provide a receipt which includes
> information about the act of uploading, this could be done, too. For
> example, a file for which you require an upload receipt must be opened
with
> a certain flag or set of flags which signal that you're going to do
> receipted-uploading. When you open the file, you are allowed to append
to
> the file only (like uploading in TEXT mode). When you close it, the
server
> sends a RECEIPT message rather than STATUS. The format of the RECEIPT
> message is what needs to be defined.
> 
> Whether or not this is something for a separate Internet-Draft
(documenting
> the SFTP extension) or something that can be added to SFTP itself as
an
> optional feature is, I guess, up for the workgroup or the SFTP draft
editor
> to decide. In my view, the first solution type (certificate of file's
> existence) would be more apt for a separate draft because it is fairly
> orthogonal to existing functionality. The second solution type
(certificate
> of the upload act with special flags for opening the file) might be
better
> documented in SFTP itself because of the flag's definition.