[rfc-i] Signing RFCs

Russ Housley housley at vigilsec.com
Wed Jun 29 06:13:36 PDT 2011


Olaf:

>>  Comodo has offered to donate the certificates for the RFC Publisher to digitally sign RFCs in the same manner.  I suggest we take them up on the offer.
> 
> Sorry, I have to be pedantic (its one of those days) but I hope you mean that the certificates are donated to the 'RFC Editor'. I understand that the actual work happens at the publisher.

I am not sure what you are driving at here.  I would expect the certificate to name the RFC Publisher in the subject name, but include rfc-editor at rrfc-editor.org as the email address.

> As far as documentation goes, I guess that modifying RFC5485 with s/IETF Secretariat/RFC Editor/g comes close, correct? I guess we a document (RFC?) to describe the attributes, or is that overkill?

RFC 5485 does not require the signature to be applied at the time the I-D is posted.  the signature is added within a few days of posting.  We may want the same policy or something else for RFCs.

Russ



More information about the rfc-interest mailing list