IETF-SSH archive


Re: future SFTP version question



On Tue, 2004-11-02 at 03:23, Peter Gutmann wrote:
> Well, that's the problem, legal nonrepudiation is well-established and well-
> defined, but technical nonrepudiation isn't.  The best advice I've seen (from
> talking to lawyers) is (1) back everything up with paper documents and written
> signatures and (2) pray you never become the test case.

I think I've seen enough on this thread.  

My take:

Reusing keys used for authentication and/or key management within SSH to
also sign the receipts seems like a bad idea.

Defining a receipt format is out of scope for this WG, in part because
it involves too many political and financial layer considerations.

A draft explaining how to carry someone else's receipt format as an
opaque bag of bits within ssh/sftp might potentially be in scope, if an
appropriate one which meets relevant layer-8 and layer-9 requirements
exists and can be referenced. 

						- Bill

(N. B. since it's been a while since I've seen those T-shirts for sale
at an IETF... I'm using the quasi-satirical IETF extension of the ISO
reference model to add layer 8 (financial) and layer 9 (political) on
top of layer 7 (application).)
