[rfc-i] digital signatures in documents

Dave Crocker dhc at dcrocker.net
Sat Sep 29 09:05:35 PDT 2012



On 9/29/2012 8:46 AM, Russ Housley wrote:
> I support digital signatures on RFCs, but like I-Ds, I think that detached signatures are a better approach.  See http://www.ietf.org/id-info/idsignatures.html.


Storing it in one place does not automatically preclude storing it in 
another, such as attached to the document, unless the storage method is 
integral to the security model.  (Note, for example, that server 
validation in an SSL connection "stores" the validation inline, sort of.)

The normal argument for using a detached mode is that the independent 
retrieval channel is trusted.  Hence, explicit certs aren't used.  This 
is like looking in the DNS for a key associated with a domain.  Is that 
why you prefer detached?

d/

-- 
  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net

