[rfc-i] Signing RFCs

Paul Hoffman paul.hoffman at vpnc.org
Wed Jun 29 09:52:45 PDT 2011


On Jun 29, 2011, at 9:39 AM, Joe Touch wrote:
> When a person says "I copied X into a backup near date Z", a good lawyer would ask "how do you know *this* document was part of that process"? That's why notary organizations (that's what we're asking for) usually have very detailed procedures; those procedures are frequently the focus of their testimony.

If the person answers "I know it because that's what I usually do", there isn't really much a good lawyer can demand from them. No one is demanding that the IETF become a notary organization, even though a very small number of parties in legal disputes would love it if we were. We're not, and they can just live with it.

> Now that I raise the point, why not foist this off to another organization that already supports this? e.g.:
> http://www.surety.com/

Would "real cost with no provable value" suffice as an answer? Us doing our own signing has a small upfront cost and basically no running costs. If it later turns out that there are running costs (such as causing greater time spent answering subpoenas instead of less), we can turn it off. Otherwise, it can be run in the background.

--Paul Hoffman



More information about the rfc-interest mailing list