Therefore either you need to exclude the data that changes (hash and its RRSIG) when computing the hash for the BitTorrent and the receiving side would have to reassemble this, or you would need an OOB mechanism to distribute the hash (different part of the tree, CDN, ...).
Of course you exclude the hash record from the hash. Look at the way we do DKIM signatures -- the header hash includes all the headers including the signature header, but it pretends there's no hash field in it.
I'm also thinking the hash wouldn't need to include the RRSIG records, since those are mechanically derived from the underlying records and the ZSK.
Regards, John Levine, [email protected], Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly
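
The DKIM-style approach described in the message above, as an added example that is not part of the original e-mail: the hash record stays in the hashed input with its value blanked, and RRSIG records are left out. The record type name `ZHASH`, the function names, the simplified text serialization and the sample zone are all assumptions made for illustration.

```python
import hashlib

HASH_TYPE = "ZHASH"  # hypothetical type name for the hash record (assumption)

# Constructed sample zone: (owner, ttl, type, rdata). RRSIG rdata is a dummy.
ZONE = [
    ("example.", 3600, "SOA", "ns1.example. admin.example. 1 7200 900 1209600 300"),
    ("example.", 3600, "NS", "ns1.example."),
    ("ns1.example.", 3600, "A", "192.0.2.53"),
    ("example.", 3600, "RRSIG", "SOA constructed-signature-1"),
]

def zone_digest(records):
    """SHA-256 over the sorted records. The hash record stays in the input
    with its value blanked (as DKIM does with b=); RRSIGs are skipped."""
    lines = []
    for owner, ttl, rtype, rdata in records:
        if rtype == "RRSIG":
            continue  # derived from the other records and the ZSK
        if rtype == HASH_TYPE:
            rdata = ""  # pretend the hash field is empty
        # Simplified text form, not DNSSEC canonical wire format (assumption).
        lines.append(f"{owner.lower()} {ttl} IN {rtype} {rdata}".encode())
    h = hashlib.sha256()
    for line in sorted(lines):
        h.update(len(line).to_bytes(2, "big") + line)  # length-prefix each record
    return h.hexdigest()

def publish(records, apex):
    """Return the zone with a freshly computed hash record at the apex."""
    body = [rr for rr in records if rr[2] != HASH_TYPE]
    digest = zone_digest(body + [(apex, 0, HASH_TYPE, "")])
    return body + [(apex, 0, HASH_TYPE, digest)]

def verify(records):
    """True when the zone carries exactly one hash record and it matches."""
    stored = [rr[3] for rr in records if rr[2] == HASH_TYPE]
    return len(stored) == 1 and stored[0] == zone_digest(records)

def resign(records):
    """Simulate re-signing: drop old RRSIGs, add new dummy ones (constructed)."""
    body = [rr for rr in records if rr[2] != "RRSIG"]
    return body + [(o, t, "RRSIG", f"{ty} constructed-signature-2") for o, t, ty, _ in body]

if __name__ == "__main__":
    signed = publish(ZONE, "example.")
    print(verify(signed), verify(resign(signed)))
```

Because the blanked hash record and the skipped RRSIGs contribute nothing that changes, the digest survives both insertion of the hash record and re-signing, while a change to any other record makes `verify` fail.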
