Re: future SFTP version question

[nisse%lysator.liu.se@localhost (Niels Möller)]

jason bailey <jbailey%aol.net@localhost> writes:

> Allow me to clarify some of my terminology.

[...]

> Non-repudiation is a growing demand in the corporate world. It is
> inextricably tied into secure file transfers. In a system which requires
> non-repudiation, sftp fulfills all the necessary requirements ( key
> handling, secure transmission, validation ) everything, except for the
> digitally signed receipt/manifest. 

I'm afraid, I'm not really familiar with the non-repudiation area.

> Is it obscure? Not from my perspective, nor the companies I work with.
> Is it specialized? possibly.
> Is it worth the effort. I really can't answer that from this groups
> perspective.
> 
> I was surprised to realize that no one had brought this up before. I
> don't have a problem if, at this time, the working group doesn't believe
> that this is a suitable fit as an extension to the current protocol.
> However I do believe it deserves more critical consideration.

Then I think the first thing you have to do is to write up the
requirements. "Non-repudiation" is a very fuzzy concept to me, and
I'll have a hard time participating in discussion of details in a
non-repudiation mechanism.

I don't know if the others in the secsh wg are familiar with
non-repudiation, but perhaps you have to seek feedback elsewhere in
order to get the requirements right.

When the requirements are clear, we'll have a better foundation for
designing or evaluating extensions to sftp.

Regards,
/Niels