> From: Lloyd Wood <[EMAIL PROTECTED]>

> > If only to set a good example for the world, could somebody please
> > arrange to have the IETF mailing lists, starting with this one, create
> > and publish its own certificate()s and notice and use STARTTLS?
>
> Absolutely pointless when there's no electronic guarantee of integrity 
> for RFCs, which can be edited on a whim.
>
> Start there - with content that actually _matters_.

No, it's less hopeless or at least Sisyphean to start where the content
does not matter and where the only reasonable objections involve someone
with the right passwords getting time to do the job.

STARTTLS is an official standard that is widely implemented and hidden in
the bowels SMTP.  Signing RFCs would involve all manner of questions about
protocols and mechanisms.  If you somehow agreed on the signing mechanism,
you'd then have controversies about signing I-Ds, whether the RFC editor
would need to share keys with I-D and RFC authors, and other issues that
would be lost in the forthcoming flame wars about separate series of RFCs
and whether I-Ds should be expired.


> run your own RFC mirror. get paranoid.

Don't each of us have private archives of RFCs?  Don't you regularly write
your archives to non-volatile backup such as CDROM guard against bit rot?
I don't know about pushing it on strangers, but how else do you search
the literature of your art but in your own stash?  Being able to notice
changes or differences (e.g. those between ftp.isi.edu and the IETF's
pages) is a weakly entertaining secondary application.


Vernon Schryver    [EMAIL PROTECTED]

Reply via email to