IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: future SFTP version question
jason bailey <jbailey%aol.net@localhost> writes:
> Allow me to clarify some of my terminology.
[...]
> Non-repudiation is a growing demand in the corporate world. It is
> inextricably tied into secure file transfers. In a system which requires
> non-repudiation, sftp fulfills all the necessary requirements ( key
> handling, secure transmission, validation ) everything, except for the
> digitally signed receipt/manifest.
I'm afraid, I'm not really familiar with the non-repudiation area.
> Is it obscure? Not from my perspective, nor the companies I work with.
> Is it specialized? possibly.
> Is it worth the effort. I really can't answer that from this groups
> perspective.
>
> I was surprised to realize that no one had brought this up before. I
> don't have a problem if, at this time, the working group doesn't believe
> that this is a suitable fit as an extension to the current protocol.
> However I do believe it deserves more critical consideration.
Then I think the first thing you have to do is to write up the
requirements. "Non-repudiation" is a very fuzzy concept to me, and
I'll have a hard time participating in discussion of details in a
non-repudiation mechanism.
I don't know if the others in the secsh wg are familiar with
non-repudiation, but perhaps you have to seek feedback elsewhere in
order to get the requirements right.
When the requirements are clear, we'll have a better foundation for
designing or evaluating extensions to sftp.
Regards,
/Niels
Home |
Main Index |
Thread Index |
Old Index