[openssl-dev] Signing Internet-Drafts and RFCs
Russ Housley
housley at vigilsec.com
Thu May 12 14:46:38 UTC 2016
Three points:
(1) There may be people willing to work on code at the hackathon. I have not looked around too much, but I could do that depending on the response to the second point.
(2) We need to validate signatures on I-Ds and RFCs with the standard release. I’m okay with needing 1.1 or later, but I’m not okay with users having to fetch a special version.
(3) We are signing I-Ds now; we just are not including the signing-certificate-v2 attribute. These older signatures need to continue to validate, which should not be a problem since you should just hash unknown attributes that are included by the signer.
Russ
On May 12, 2016, at 9:16 AM, Salz, Rich <rsalz at akamai.com> wrote:
> So Matt already mentioned that it's too late for our upcoming 1.1 release. But do you think there'd be interest in adding this at an IETF hackathon? I can be there FWIW. Keeping a separate ietf-openssl branch that has the changes, for example, shouldn't be onerous.
>
> --
> Senior Architect, Akamai Technologies
> IM: richsalz at jabber.at Twitter: RichSalz
>