At 06:25 PM 7/23/2002 +0200, Kai Kretschmann wrote:
what further way goes a submitted and published internet draft after a
short period of discussion?
That largely depends on you. If it goes into a working group, it becomes a
working group document which you might be the editor of or a contributor
to. If it remains a personal submission, you can ask the IESG to publish it
as an informational RFC. But yes, if you do nothing, it will age out in time.
Question for you on the content of the draft. What you are proposing is, I
think, signing web pages as a way to detect when they have been hacked.
You state that the public key needs to come through a third party. I'm not
sure I buy that. If you have a business relationship, you could transfer
the public key (in a certificate) during the process of setting it up.
You are concerned about transfer of the key at the time because the hacker
might substitute a different public key. What I would worry about is the
system signing dynamic pages on the fly and therefore using its private key
to sign hacked files. How would you address that?