On Mon, Dec 09, 2019 at 05:55:54PM +0000, Salz, Rich <rsalz@xxxxxxxxxx> wrote a message of 11 lines which said: > I don't know if this is substantive or not, but OpenSSL has provided > this since Feb 2018. % wget https://www.openssl.org/.well-known/security.txt % wget https://www.openssl.org/news/openssl-security.asc % gpg --import openssl-security.asc % wget https://www.openssl.org/.well-known/security.txt.asc % gpg --verify security.txt.asc security.txt gpg: Signature made Thu Jan 4 04:22:26 2018 CET gpg: using RSA key EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 gpg: BAD signature from "OpenSSL OMC <openssl-omc@xxxxxxxxxxx>" [unknown] This illustrates a common problem with all similar schemes: these files tend to rot. Still, I support the draft (the above issue is well described in section 6.2). -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
