[rfc-i] Signing RFCs

Joe Touch touch at isi.edu
Wed Jun 29 09:12:25 PDT 2011



On 6/29/2011 9:04 AM, Paul Hoffman wrote:
...
> If the problem you want to solve is addressing subpoenas that ask
> "does X match your copy of Y on date Z", the easiest way to do so is to
> keep a full archive every day and say "this is the backup we made on Z;
> you can do the comparison between the paper you have and our electronic
> archive yourself" using no cryptography and, more importantly, no
> explanation of the cryptography. The cost of this should be about $100
> for a 2TB USB drive, and maybe another $100 for a backup at a remote
> location.

1) the crypto is need as part of how you assure others that the copies 
made on date Z have not been tampered with or changed

2) the equipment costs are only a very small part of the overall 
operational expenses; other costs include training, logging, and 
verification.

I wouldn't be surprised if a full-scale "is this doc valid as of date X" 
archive might end up being a large part of the publication budget, if 
done to the level expected by law enforcement.

Joe


More information about the rfc-interest mailing list