Re: the way an I-D takes

To: Kai Kretschmann <K.Kretschmann at security-gui.de>
Subject: Re: the way an I-D takes
From: Fred Baker <fred at cisco.com>
Date: Tue, 23 Jul 2002 12:01:13 -0700
Cc: ietf at ietf.org
In-reply-to: <C97CCA7B-9E58-11D6-A8A8-000A27898CA6@security-gui.de>
Sender: owner-ietf at ietf.org

At 06:25 PM 7/23/2002 +0200, Kai Kretschmann wrote:

what further way goes a submitted and published internet draft after a short period of discussion?

That largely depends on you. If it goes into a working group, it becomes a working group document which you might be the editor of or a contributor to. If it remains a personal submission, you can ask the IESG to publish it as an informational RFC. But yes, if you do nothing, it will age out in time.

Question for you on the content of the draft. What you are proposing is, I think, signing web pages as a way to detect when they have been hacked.

You state that the public key needs to come through a third party. I'm not sure I buy that. If you have a business relationship, you could transfer the public key (in a certificate) during the process of setting it up.

You are concerned about transfer of the key at the time because the hacker might substitute a different public key. What I would worry about is the system signing dynamic pages on the fly and therefore using its private key to sign hacked files. How would you address that?

References:
- the way an I-D takes
  - From: Kai Kretschmann

Prev by Date: Re: Jabber BOF afterthoughts
Next by Date: Re: Jabber BOF afterthoughts
Previous by thread: Re: the way an I-D takes
Next by thread: RE: ARPOP_REQUEST with spoofed IP address (joe, turn it off!)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: the way an I-D takes

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.