Re: future SFTP version question

To: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Subject: Re: future SFTP version question
From: Bill Sommerfeld <sommerfeld%sun.com@localhost>
Date: Tue, 02 Nov 2004 09:02:34 -0500

On Tue, 2004-11-02 at 03:23, Peter Gutmann wrote:
> Well, that's the problem, legal nonrepudiation is well-established and well-
> defined, but technical nonrepudiation isn't.  The best advice I've seen (from
> talking to lawyers) is (1) back everything up with paper documents and written
> signatures and (2) pray you never become the test case.

I think I've seen enough on this thread.  

My take:

Reusing keys used for authentication and/or key management within SSH to
also sign the receipts seems like a bad idea.

Defining a receipt format is out of scope for this WG, in part because
it involves too many political and financial layer considerations.

A draft explaining how to carry someone else's receipt format as an
opaque bag of bits within ssh/sftp might potentially be in scope, if an
appropriate one which meets relevant layer-8 and layer-9 requirements
exists and can be referenced. 

						- Bill

(N. B. since it's been a while since I've seen those T-shirts for sale
at an IETF... I'm using the quasi-satirical IETF extension of the ISO
reference model to add layer 8 (financial) and layer 9 (political) on
top of layer 7 (application).

References:
- Re: future SFTP version question
  - From: Peter Gutmann

Prev by Date: Re: future SFTP version question
Next by Date: Re: SFTP v6?
Previous by Thread: Re: future SFTP version question
Next by Thread: RE: future SFTP version question
Indexes:

Home | Main Index | Thread Index | Old Index