You've made some very good points.
Initially I had considered a flag for the transfer which would result in
a returned RECEIPT rather then a STATUS.
However, given your observations,and reviewing what I am looking for I
see no problem with it being an extension to the protocol.
I'm not certain that it is, as you put it, orthogonal to the current
functionality. There already appears to be an existing extension to
support a hashing of a file to verify the contents.
In my mind I see this as very similar. We are merely verifying the
contents and that it is on a particular server at a given time.
Jason
On Wed, 2004-10-27 at 09:54, denis bider wrote:
Technically speaking, an extension to the SFTP protocol could be
implemented
in which the server would testify (with a digital signature) that a
file of
a certain name, attributes and contents existed on the server at a
certain
time.
Whether or not this file was uploaded entirely by a certain user would
be a
more complex challenge because SFTP has no such concept as "uploading"
or
"downloading" a whole file. You have random access and you can pretty
much
scratch anywhere you want in the remote filesystem.
An extension that would produce a certificate of a file's existence at
a
certain time would be fairly straightforward. Provide an extension
request
type for requesting the certificate, and define the contents of a
receipt.
If providing a certificate of the file's existence on the server is
insufficient, and you must really provide a receipt which includes
information about the act of uploading, this could be done, too. For
example, a file for which you require an upload receipt must be opened
with
a certain flag or set of flags which signal that you're going to do
receipted-uploading. When you open the file, you are allowed to append
to
the file only (like uploading in TEXT mode). When you close it, the
server
sends a RECEIPT message rather than STATUS. The format of the RECEIPT
message is what needs to be defined.
Whether or not this is something for a separate Internet-Draft
(documenting
the SFTP extension) or something that can be added to SFTP itself as
an
optional feature is, I guess, up for the workgroup or the SFTP draft
editor
to decide. In my view, the first solution type (certificate of file's
existence) would be more apt for a separate draft because it is fairly
orthogonal to existing functionality. The second solution type
(certificate
of the upload act with special flags for opening the file) might be
better
documented in SFTP itself because of the flag's definition.