At 06:25 PM 7/23/2002 +0200, Kai Kretschmann wrote: >what further way goes a submitted and published internet draft after a >short period of discussion? That largely depends on you. If it goes into a working group, it becomes a working group document which you might be the editor of or a contributor to. If it remains a personal submission, you can ask the IESG to publish it as an informational RFC. But yes, if you do nothing, it will age out in time. Question for you on the content of the draft. What you are proposing is, I think, signing web pages as a way to detect when they have been hacked. You state that the public key needs to come through a third party. I'm not sure I buy that. If you have a business relationship, you could transfer the public key (in a certificate) during the process of setting it up. You are concerned about transfer of the key at the time because the hacker might substitute a different public key. What I would worry about is the system signing dynamic pages on the fly and therefore using its private key to sign hacked files. How would you address that?