Re: Integrity protection for RFCs (was Re: Status of RFC 20 (was: Re: Gen-ART and OPS-Dir review of) draft-ietf-json-text-sequence-09)

manning bill <bmanning@isi.edu> Tue, 09 December 2014 06:10 UTC

Return-Path: <bmanning@isi.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28CF31A1EF6 for <ietf@ietfa.amsl.com>; Mon, 8 Dec 2014 22:10:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h5v7I3tySPj3 for <ietf@ietfa.amsl.com>; Mon, 8 Dec 2014 22:10:15 -0800 (PST)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDC061A1BF5 for <ietf@ietf.org>; Mon, 8 Dec 2014 22:10:03 -0800 (PST)
Received: from [172.19.249.153] ([88.128.80.13]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id sB969OL6012621 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 8 Dec 2014 22:09:42 -0800 (PST)
Subject: Re: Integrity protection for RFCs (was Re: Status of RFC 20 (was: Re: Gen-ART and OPS-Dir review of) draft-ietf-json-text-sequence-09)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: text/plain; charset=us-ascii
From: manning bill <bmanning@isi.edu>
In-Reply-To: <20141209045253.GI11221@localhost>
Date: Mon, 8 Dec 2014 22:09:23 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <38D85148-43A5-433B-9D51-F7448FC33E39@isi.edu>
References: <20141206170611.39377.qmail@ary.lan> <54833B14.7010104@cs.tcd.ie> <D1B5A541041D2171FB90DA03@JcK-HP8200.jck.com> <DB4PR06MB45707BD36E5FE5154EC0021AD660@DB4PR06MB457.eurprd06.prod.outlook.com> <935E87BD05D6090238E6FD68@JcK-HP8200.jck.com> <DB4PR06MB45772E3E0C538536D64DD1EAD660@DB4PR06MB457.eurprd06.prod.outlook.com> <CAKHUCzxHdxScDpCSSNS3G+dS9HA1b7va5DpMH92S06T=GM6YSQ@mail.gmail.com> <20141209045253.GI11221@localhost>
To: Nico Williams <nico@cryptonector.com>
X-Mailer: Apple Mail (2.1878.6)
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: bmanning@isi.edu
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/rQYSU24NaBUwOIrn-bZsNTxbsdA
Cc: John C Klensin <john-ietf@jck.com>, "ietf@ietf.org Discussion" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Dec 2014 06:10:41 -0000

this seems silly.  one reason the rocs were widely distributed in both electronic and hardcopy forms was to enable running diffs to check.

/bill
PO Box 12317
Marina del Rey, CA 90295
310.322.8102

On 8December2014Monday, at 20:52, Nico Williams <nico@cryptonector.com> wrote:

> 
> On Sat, Dec 06, 2014 at 11:37:45PM +0000, Dave Cridland wrote:
>> On 6 December 2014 at 22:49, <l.wood@surrey.ac.uk> wrote:
>>> Security pedants might wonder why there is no easy way to authenticate
>>> electronic copies of RFCs, given the vast array of security-related
>>> protocols that the IETF has defined. How can I check the integrity of an
>>> RFC document and that it hasn't been tampered with? I imagine an MD5sum
>>> just won't do.
>> 
>> All the copies I'm reading are properly signed, according to RFC 4637. If
>> yours aren't, maybe they *have* been tampered with.
> 
> Maybe each RFC should be like a commit in any modern version control
> system, complete with a commit hash binding all past RFCs into each new
> RFC.
> 
> Of course, that would really bind us to having canonical RFC
> representations, and/or new renderings by the RFC-Editor added as
> "commits".
> 
> Then we could reference RFCs as RFC-af551e0 (short-form) and
> RFC-af551e089ca623216a312e475a6837de0aa7995b (long-form) and so on :) in
> mailing list discussion, verbally, in RFCs as rendered, in other
> documents, ..., and by doing so we'd be embedding the commit hashes of
> the entire RFC series deeply into the Internet, in a way that would be
> quite difficult to tamper with.
> 
> No digital signatures needed, just a decent hash function.
> 
> Or at least that's what I think Lloyd was suggesting.
> 
> I leave it to others to make a serious proposal along these lines.
> 
> (We can't quite adopt a VCS for this: we'd have to standardize it.)
> 
> Nico
> -- 
>