[rfc-i] Signing RFCs

Paul Hoffman paul.hoffman at vpnc.org
Wed Jun 29 09:04:07 PDT 2011

On Jun 29, 2011, at 6:19 AM, Russ Housley wrote:

> That is not how it works.  I have been the physical recipient of one of these, so I am quite sure.
> The subpoena includes several reams of paper.  RFCs are printed, and the court wants you to validate that the pages contain the RFC as published on such and such a date.  The lawyers have already found the RFC, they want someone else to confirm the content of the file that they already have.  That is exactly the right thing for the crypto gobbledygook to do.

How? If you send them a copy of RFC 3456 that was digitally signed in August 2011, that does not answer the question "is the thing printed on pages 456 through 499 of ream #2 actually RFC 3456 as of January 2003". You didn't sign the RFC on the date they are asking about, and even for new RFCs going forward, you will have to spend a fair amount of time explaining how to interpret the S/MIME signature, why the court should believe the signature just because Comodo-or-whomever says so, and so on.

If the problem you want to solve is addressing subpoenas that ask "does X match your copy of Y on date Z", the easiest way to do so is to keep a full archive every day and say "this is the backup we made on Z; you can do the comparison between the paper you have and our electronic archive yourself" using no cryptography and, more importantly, no explanation of the cryptography. The cost of this should be about $100 for a 2TB USB drive, and maybe another $100 for a backup at a remote location.

Are there use cases for cryptographically signing RFCs other than subpoenas?

--Paul Hoffman

More information about the rfc-interest mailing list