Module file parse API

[Sean Mullan]

On 6/21/12 6:36 AM, Paul Sandoz wrote:

>>> Having said that, I've been somewhat dubious on the overall
>>> value/purpose of the hashes inside the module file. They don't
>>> provide any security without something additional such as a
>>> signature, but when generating the signature, it has to
>>> recalculate all of the hashes again to be sure they are still
>>> correct since the module file was created. So their only value is
>>> as a checksum, but my experience with checksums is that they are
>>> usually stored separately from what they are computed over.
>>
>> I view the hashes in an unsigned module file as a checksum also,
>> but I think they are very useful. For example, if a tool is only
>> interested in the classes of a module file, it can skip to the
>> classes section, extract/process it, validate the hash, and exit
>> without having to finish reading the remainder of the module file.
>> This is nice, especially if the module file is being read from a
>> remote stream, and only possible with per section hashes.
>>
>
> Also one does not have to upload/download separate data to/from a
> repository for the content and the hash of the content. This also has
> the advantage that the repository can verify the hashes before
> accepting deployment of a module (instead of say uploading using
> multipart MIME).

Ok, but I want to be sure I understand what you think the value of the 
hashes provides. Hashes without a signature don't provide any security 
since an attacker can change both the data and the hash without 
detection. How are they providing value as a checksum? Do you think it 
will be common for someone to change the internal sections of the module 
file without updating the corresponding section hash?

--Sean