On Wed, Jan 21, 2009 at 11:55 AM, <[email protected]> wrote: > What's the point of having a hash anyway? > Aren't we more likely to want to verify a signature? > So the container JS has one or more DSA public keys baked in, and it can > then verify content from one of a set of trusted gadget providers.
That's a good point. Thanks for clarifying. The important scenario imho would be to have the stuff signed by a trusted *cajoler*. However, since the code is not a string literal, it's not clear how that would be useful. I think I'll just delete this stuff for now. Ihab -- Ihab A.B. Awad, Palo Alto, CA
