Am I correct that there's no standard that's optimized for securely
uploading encrypted files? SFTP needlessly re-encrypts encrypted files and
I read that One Time Password (OTP) authentication doesn't secure control
channel transactions after the login sequence. Seems there's a niche that
needs to be filled.
Even more useful to me would be a way to encrypt files for the upload and
keep the files encrypted at the destination for my backup, while my local
files would remain unencrypted.
SFTP isn't so bad for my purposes even though it's inefficient, but I've
found problems with the only two SFTP clients that I know of that are FIPS
140-2 compliant, and there's even an issue with a popular SFTP server's
FIPS 140-2 compliancy (OpenSSL - see
http://www.openssl.org/news/secadv_20071129.txt). The general state of
file transfer options is pretty bad.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf