Re: future SFTP version question

[der Mouse <mouse%Rodents.Montreal.QC.CA@localhost>]

>> Non-repudiation is a growing demand in the corporate world.  [...]
> I'm afraid, I'm not really familiar with the non-repudiation area.

Non-repudiation is a way of arranging that it is impossible (well,
infeasible - about as impossible as anything gets in cryptography) to
later claim "no I didn't do that".  (As a non-crypto example, for
example, my signature on a document gives some non-repudiable assurance
I've read the document.)

It's not clear how it's being used here: is the client trying to
protect itself against a server saying "no I never received that file"
or is the server trying to protect itself against a client saying "no I
didn't send that file"?  (The mechanisms sketched appear to be designed
for the former, but that strikes me as an unlikely desire.)

When I first saw the mechanisms outlined, it appeared to me that they
were designed to give the client a certificate which could demonstrate
to a third party that the server did indeed receive the file; while
this does have non-repudiation uses, it seemed to me more designed to
allow the client to prove the fact of transmission to a third paty
without requiring the proof to involve contacting the receiving host or
its admins.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse%rodents.montreal.qc.ca@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B