[rfc-i] digital signatures in documents

Paul Hoffman paul.hoffman at vpnc.org
Sun Sep 30 08:54:08 PDT 2012


On Sep 29, 2012, at 8:46 AM, Russ Housley <housley at vigilsec.com> wrote:

>>>> What I very much would like to see however is the electronic signatures
>>>> be embedded in the document.
>>>> 
>>> A big -1 to that. They add no value to 99.999% of people reading an RFC,
>>> and some software will mark RFCs that have inconsequential bits flipped as
>>> "invalid" or "dangerous" or some such.
> 
> I support digital signatures on RFCs, but like I-Ds, I think that detached signatures are a better approach.  See http://www.ietf.org/id-info/idsignatures.html.

That sounds fine, but it is not what the title of this thread says. That is, "in" != "next to".

Detached signatures have none of the failings of the proposed internal signatures: having to rely on a current broken spec or having to invent a new one, adding cruft that might be exposed to the 99.999% of readers who don't care, encouraging software that might show "failures" for things like changing line-ending characters, etc. Detached signatures allow the teeny number of people who might care about bit-level integrity to check it easily, and we already have working tools that can be used for them.

--Paul Hoffman

