[rfc-i] digital signatures in documents
dhc at dcrocker.net
Sat Sep 29 09:05:35 PDT 2012
On 9/29/2012 8:46 AM, Russ Housley wrote:
> I support digital signatures on RFCs, but like I-Ds, I think that detached signature are a better approach. See http://www.ietf.org/id-info/idsignatures.html.
Storing it in one place does not automatically preclude storing it in
another, such as attached to the document, unless the storage method is
integral to the security model. (Note, for example, that server
validation in an SSL connection "stores" the validation inline, sort of.)
The normal argument for using a detached mode is the independent
retrieval channel is trusted. Hence, explicit certs aren't used. This
is like looking in the DNS for a key associated with a domain. Is that
why you prefer detached?
More information about the rfc-interest