Securing login and control channel transactions only

To: ietf at ietf.org
Subject: Securing login and control channel transactions only
From: "Barry" <barry at polisource.com>
Date: Sun, 9 Dec 2007 05:21:04 -0500 (EST)
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; h=Received:Message-ID:Date:Subject:From:To:User-Agent:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:Importance; s=default; d=polisource.com; b=UsFTKq7rHTrRuIl+TzUIalNSqhirUixZssqO/LKS6RBnX1x1k+vGFbJGtoGcJPUCVM5DFY5SNJFElnFawvPENIG7dsL1Bn2G8dA4zhWB9+1FfhohUHDRtsDXT3fCQzuYASiqnXYEJF0tJ776ar2gg8Jm5OUft9VGqCURLwcFaDQ=;
Importance: Normal
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
User-agent: SquirrelMail/1.4.12

Am I correct that there's no standard that's optimized for securely
uploading encrypted files? SFTP needlessly re-encrypts encrypted files and
I read that One Time Password (OTP) authentication doesn't secure control
channel transactions after the login sequence. Seems there's a niche that
needs to be filled.

Even more useful to me would be a way to encrypt files for the upload and
keep the files encrypted at the destination for my backup, while my local
files would remain unencrypted.

SFTP isn't so bad for my purposes even though it's inefficient, but I've
found problems with the only two SFTP clients that I know of that are FIPS
140-2 compliant, and there's even an issue with a popular SFTP server's
FIPS 140-2 compliancy (OpenSSL - see
http://www.openssl.org/news/secadv_20071129.txt). The general state of
file transfer options is pretty bad.

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Prev by Date: Re: Last Call: draft-klensin-rfc2821bis (Simple Mail Transfer Protocol) to Draft Standard (3)
Next by Date: Re: Revising full standards
Previous by thread: Re: Last Call: draft-klensin-rfc2821bis (Simple Mail Transfer Protocol) to Draft Standard (3)
Next by thread: RE: Last Call: draft-ietf-16ng-ps-goals (IP over 802.16 Problem Statement and Goals) to Informational RFC
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Securing login and control channel transactions only

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.