[rfc-i] Signing RFCs
housley at vigilsec.com
Wed Jun 29 08:29:31 PDT 2011
>>>> Periodically, we receive a subpoena to validate various RFCs. My hope is that digital signature can be used instead of a manual process.
>>> I'm not sure how that follows. You get a subpoena that says something like "what is RFC 1234?" to which I presume someone responds with a letter saying "this is RFC 1234" and an attached printout, perhaps all delivered as a PDF for easy filing. I don't see many courts being satisfied with a response that directs them to some crypto gobbledygook instead.
>> That is not how it works. I have been the physical recipient of one of these, so I am quite sure.
>> The subpoena includes several reams of paper.
> So how's the digital signature going to help here?
>> RFCs are printed, and the court wants you to validate that the pages contain the RFC as published on such and such a date. The lawyers have already found the RFC, they want someone else to confirm the content of the file that they already have.
> Personally, sounds like they need expert testimony. They really shouldn't be asking a fact witness to provide expert testimony. If I got such a subpoena, I'd be asking my lawyer how best I can limit my response to facts I have personal knowledge of and avoid comparing presented documents with documents in my store.
>> That is exactly the right thing for the crypto gobbledygook to do.
> Ignoring the testimony bit above, how do expect the crypto gobbledygook to work when the subpoena is as printed document (or came as PDF of scanned in printed documents).
Given the current digital signature law, it is my understanding that the need for the subpoena can be eliminated. That said, the is no way to test this theory without signing the documents.
More information about the rfc-interest