[rfc-i] digital signatures in documents
Paul Hoffman
paul.hoffman at vpnc.org
Sun Sep 30 08:54:08 PDT 2012
On Sep 29, 2012, at 8:46 AM, Russ Housley <housley at vigilsec.com> wrote:
>>>> What I very much would like to see however is the electronic signatures
>>>> be embedded in the document.
>>>>
>>> A big -1 to that. They add no value to 99.999% of people reading an RFC,
>>> and some software will mark RFCs that have inconsequential bits flipped as
>>> "invalid" or "dangerous" or some such.
>
> I support digital signatures on RFCs, but like I-Ds, I think that detached signatures are a better approach. See http://www.ietf.org/id-info/idsignatures.html.
That sounds fine, but it is not what the title of this thread says. That is, "in" != "next to".
Detached signatures have none of the failings of the proposed internal signatures: having to rely on a current broken spec or having to invent a new one, adding cruft that might be exposed to the 99.999% of readers who don't care, encouraging software that might show "failures" for things like changing line-ending characters, etc. Detached signatures allow the teeny number of people who might care about bit-level integrity to check it easily, and we already have working tools that can be used for them.
--Paul Hoffman
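
The contrast drawn in the message above, as an added example that is not part of the original post or of any IETF tooling: a detached signature leaves the document's bytes alone, verifies for those who check it, and fails once line endings are converted. It uses a plain `openssl dgst` RSA signature as a stand-in rather than the I-D signature format; the function names, file names, key and document text are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a detached signature with the openssl CLI.
# File names, key and document text are constructed for this demo.

# sign_detached KEY DOC SIG: write a signature over DOC's bytes to the sidecar SIG
sign_detached() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_detached PUB DOC SIG: exit 0 only if SIG matches DOC byte for byte
verify_detached() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# to_crlf IN OUT: rewrite LF line endings as CRLF (same text, different bytes)
to_crlf() {
    awk '{ printf "%s\r\n", $0 }' "$1" > "$2"
}

# detached_demo: returns 0 when all three observations hold
detached_demo() {
    d=$(mktemp -d) || return 2
    printf 'Request for Comments: 0000\n\nConstructed sample text.\n' > "$d/doc.txt"
    cp "$d/doc.txt" "$d/orig.txt"

    # Throwaway key pair for the demo
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/key.pem" 2>/dev/null || return 2
    openssl pkey -in "$d/key.pem" -pubout -out "$d/pub.pem" || return 2

    sign_detached "$d/key.pem" "$d/doc.txt" "$d/doc.txt.sig" || return 2
    rc=0
    # 1. Signing left the document untouched: nothing is added for ordinary readers.
    cmp -s "$d/doc.txt" "$d/orig.txt" && echo "document unchanged by signing" || rc=1
    # 2. Readers who care can check bit-level integrity against the sidecar file.
    verify_detached "$d/pub.pem" "$d/doc.txt" "$d/doc.txt.sig" \
        && echo "signature verifies" || rc=1
    # 3. A line-ending conversion changes the bytes, so the same check now fails.
    to_crlf "$d/doc.txt" "$d/crlf.txt"
    if verify_detached "$d/pub.pem" "$d/crlf.txt" "$d/doc.txt.sig"; then rc=1
    else echo "CRLF copy fails verification"; fi
    rm -rf "$d"
    return $rc
}

detached_demo
```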