[rfc-i] Signing RFCs

Russ Housley housley at vigilsec.com
Wed Jun 29 10:08:15 PDT 2011


Paul:

>> 1) the crypto is need as part of how you assure others that the copies made on date Z have not been tampered with or changed
> 
> The crypto cannot do that unless we also use a timestamping authority that is trusted by all entities that might ever demand to know about something that happened on date Z. Russ did not suggest that we do that, for what I hope are obvious reasons. See related discussions on the PKIX WG archives over the past decade, with a periodicity of about 18 months.

The digital signature includes the signing-time attribute.  It is not a third-party corroboration of the time, but I do not think that is necessary in this situation.  The local clock setting is sufficient.

Russ



More information about the rfc-interest mailing list