Module file parse API
Chris Hegarty
chris.hegarty at oracle.com
Thu Jun 21 06:47:37 PDT 2012
On 21/06/2012 14:00, Sean Mullan wrote:
> ...
>> No. Not someone but something by non-nefarious means :-) Bit rot on
>> network transmission or on disk.
>
> I don't know it still seems like unnecessary overhead for an extremely
> small likelihood. And wouldn't the entire file including the hashes be
> suspect then?
>
> The hashes aren't even useful for signatures. This is because the signer
> *must* generate the hashes itself, and then generate a signature over
> them inside a PKCS#7 SignedData blob. It doesn't even use the existing
> hashes, so they are just extra duplication.
I guess I'd ask the question another way. Without the hashes would we
need to circulate a separate checksum file to verify data integrity? If
so, we wouldn't be able to verify the integrated on a per section basis
( unless the checksum file contained multiple hashes ). Verifying data
integrity on a per section basis appears to be very useful.
-Chris.
>
> --Sean
More information about the jigsaw-dev
mailing list