Am I correct that there's no standard that's optimized for securely uploading encrypted files? SFTP needlessly re-encrypts encrypted files and I read that One Time Password (OTP) authentication doesn't secure control channel transactions after the login sequence. Seems there's a niche that needs to be filled. Even more useful to me would be a way to encrypt files for the upload and keep the files encrypted at the destination for my backup, while my local files would remain unencrypted. SFTP isn't so bad for my purposes even though it's inefficient, but I've found problems with the only two SFTP clients that I know of that are FIPS 140-2 compliant, and there's even an issue with a popular SFTP server's FIPS 140-2 compliancy (OpenSSL - see http://www.openssl.org/news/secadv_20071129.txt). The general state of file transfer options is pretty bad. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf