[rfc-i] Signing RFCs
housley at vigilsec.com
Wed Jun 29 06:13:36 PDT 2011
>> Comodo has offered to donate the certificates for the RFC Publisher to digitally sign RFCs in the same manner. I suggest we take them up on the offer.
> Sorry, I have to be pedantic (its one of those days) but I hope you mean that the certificates are donated to the 'RFC Editor'. I understand that the actual work happens at the publisher.
I am not sure what you are driving at here. I would expect the certificate to name the RFC Publisher in the subject name, but include rfc-editor at rrfc-editor.org as the email address.
> As far as documentation goes, I guess that modifying RFC5485 with s/IETF Secretariat/RFC Editor/g comes close, correct? I guess we a document (RFC?) to describe the attributes, or is that overkill?
RFC 5485 does not require the signature to be applied at the time the I-D is posted. the signature is added within a few days of posting. We may want the same policy or something else for RFCs.
More information about the rfc-interest