User Tools

Site Tools


Digital Signatures for RFCs

Size (time): Medium (6-12 months)

Importance/Urgency: Medium/Low

Problem Statement: The RFC Production Center is spending an increasing amount of time responding to requests for verification of RFCs as part of the subpoena process. In 2012, the RPC responded to 2 subpoenas. In 2014, the RPC responded to 9 subpoenas. In 2015, the RPC responded to 10 subpoenas. While the legal community is possibly not ready to use signatures to verify the publication date of an RFC, the hope is by making the signatures and the verification process available, the legal community (and anyone else) will be able to check on their own that an RFC was published by the RFC Editor.

Note that the RFC Editor will only sign the RFCs directly published by the RFC Editor. Documents that were recreated as part of the RFC Online Project will not be signed.

For RFCs published before the RFC Format project allows multiple publication formats, only the TXT file will be signed. After the RFC Format project goes live, all outputs (XML, TXT, PDF, HTML) will be signed.

Pros: Digital signatures will allow individuals to verify that the RFC has not been modified since signed. Eventually, this should lessen the burden on the RFC Production Center staff when responding to requests for verification (usually as part of a subpoena).

Cons: This will add another step in the publication process of RFCs, and add additional operational cost in monitoring the changes in best practice around digital signatures.



  • February 2014: A technical issue preventing the verification of signatures, as well as the complexities in signing PDFs, caused this effort to be put on hold
  • May 2016: Technical issues to signing PDFs and verifying signatures was removed, and draft-housley-rfc-and-id-signatures was updated
  • June 2016: Operational process to be developed and reviewed by RSOC, Tools team
dig-sig.txt · Last modified: 2016/05/24 11:33 by rsewikiadmin