Integrity protection for RFCs (was Re: Status of RFC 20 (was: Re: Gen-ART and OPS-Dir review of) draft-ietf-json-text-sequence-09)
Nico Williams <nico@cryptonector.com> Tue, 09 December 2014 04:53 UTC
Date: Mon, 08 Dec 2014 22:52:57 -0600
From: Nico Williams <nico@cryptonector.com>
To: Dave Cridland <dave@cridland.net>
Subject: Integrity protection for RFCs (was Re: Status of RFC 20 (was: Re: Gen-ART and OPS-Dir review of) draft-ietf-json-text-sequence-09)
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/1UpiQ2HOWCB9AJWpnMHM88H1_pg
Cc: John C Klensin <john-ietf@jck.com>, "ietf@ietf.org Discussion" <ietf@ietf.org>

On Sat, Dec 06, 2014 at 11:37:45PM +0000, Dave Cridland wrote:
> On 6 December 2014 at 22:49, <l.wood@surrey.ac.uk> wrote:
> > Security pedants might wonder why there is no easy way to authenticate
> > electronic copies of RFCs, given the vast array of security-related
> > protocols that the IETF has defined. How can I check the integrity of an
> > RFC document and that it hasn't been tampered with? I imagine an MD5sum
> > just won't do.
>
> All the copies I'm reading are properly signed, according to RFC 4637. If
> yours aren't, maybe they *have* been tampered with.

Maybe each RFC should be like a commit in any modern version control
system, complete with a commit hash binding all past RFCs into each new
RFC.  Of course, that would really bind us to having canonical RFC
representations, and/or new renderings by the RFC-Editor added as
"commits".

Then we could reference RFCs as RFC-af551e0 (short-form) and
RFC-af551e089ca623216a312e475a6837de0aa7995b (long-form) and so on :) in
mailing list discussion, verbally, in RFCs as rendered, in other
documents, ..., and by doing so we'd be embedding the commit hashes of
the entire RFC series deeply into the Internet, in a way that would be
quite difficult to tamper with.  No digital signatures needed, just a
decent hash function.

Or at least that's what I think Lloyd was suggesting.  I leave it to
others to make a serious proposal along these lines.  (We can't quite
adopt a VCS for this: we'd have to standardize it.)

Nico
--
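
The hash-chaining idea in the message above, as an added example that is not part of the original post or any IETF proposal: each document's id covers its canonical bytes plus the previous document's id, so one trusted long-form id checks the whole series. SHA-256, the header layout, the all-zero first parent and every function name are assumptions; the sample documents are constructed.

```python
import hashlib

GENESIS = "0" * 64  # assumed parent id for the first document in the series

def commit_id(parent: str, number: int, text: bytes) -> str:
    """Id of one document: covers its canonical bytes and its parent's id."""
    # Explicit length keeps the header/body boundary unambiguous.
    header = f"rfc {number}\nparent {parent}\nlength {len(text)}\n"
    return hashlib.sha256(header.encode("ascii") + text).hexdigest()

def build_chain(docs):
    """docs: [(number, canonical_bytes), ...] in publication order -> long ids."""
    ids, parent = [], GENESIS
    for number, text in docs:
        parent = commit_id(parent, number, text)
        ids.append(parent)
    return ids

def verify_head(docs, trusted_head: str) -> bool:
    """One trusted long-form id for the newest document checks the whole series."""
    ids = build_chain(docs)
    return bool(ids) and ids[-1] == trusted_head

def first_mismatch(docs, published_ids):
    """Number of the earliest document whose id differs from the published one."""
    for (number, _), got, want in zip(docs, build_chain(docs), published_ids):
        if got != want:
            return number
    return None

def short_form(long_id: str) -> str:
    return "RFC-" + long_id[:7]

def resolve(short: str, known_ids):
    """Short forms are lookup handles only: 28 bits is too few to verify against."""
    prefix = short[4:] if short.startswith("RFC-") else short
    hits = [i for i in known_ids if i.startswith(prefix)]
    if len(hits) != 1:
        raise LookupError(f"{short}: {len(hits)} matches, need exactly one")
    return hits[0]

# Constructed sample series (placeholder text, not real RFC content).
DOCS = [(1, b"constructed text of document 1\n"),
        (2, b"constructed text of document 2\n"),
        (3, b"constructed text of document 3\n")]
PUBLISHED = build_chain(DOCS)
TAMPERED = [(1, b"constructed text of document 1, altered\n")] + DOCS[1:]

if __name__ == "__main__":
    print(short_form(PUBLISHED[-1]), verify_head(DOCS, PUBLISHED[-1]))
    print(verify_head(TAMPERED, PUBLISHED[-1]), first_mismatch(TAMPERED, PUBLISHED))
```

Changing the oldest document changes every later id, which is why the check against the newest id alone fails; integrity decisions use the long form, and the short form is resolved to it first.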