On Tue, Nov 28, 2017 at 07:18:48PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> I think it makes perfect sense to sign CLP, because it allows you to
> separate trust in the server you're downloading the content from and the
> content itself.

The problem with "data at rest" signatures is that it then becomes
difficult to ascertain freshness.  How do you know that you're not
using a much too stale version of the CLP, that fails to include a
recently deprecated trust anchor?

Therefore, one needs to be careful to not rely *solely* on the
signature of the CLP payload.  It is still important to get a fresh
copy from a trusted source sufficiently often.

-- 
    Viktor.
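
The freshness problem raised in the message above, as an added example that is not part of the original thread: a validly signed but outdated list passes a signature-only check and is caught only when age and ordering are also checked. The field names (`seq`, `issued`, `anchors`), the 7-day limit and the key are assumptions, and an HMAC stands in for the publisher's signature so the code runs with the standard library alone.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # constructed; stands in for the publisher's key
DAY = 86400
MAX_AGE = 7 * DAY               # assumed local policy, not from the thread

def sign(payload):
    """Serialize and 'sign' a payload (HMAC stands in for a real signature)."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(KEY, body, hashlib.sha256).digest()}

def signature_ok(blob):
    """Data-at-rest check only: is the payload authentic?"""
    expected = hmac.new(KEY, blob["body"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, blob["sig"])

def accept(blob, now, last_seq):
    """Authenticity plus freshness: reject rollbacks and stale copies."""
    if not signature_ok(blob):
        return False, "bad signature"
    payload = json.loads(blob["body"])
    if payload["seq"] < last_seq:       # older than a list already accepted
        return False, "rollback"
    if now - payload["issued"] > MAX_AGE:
        return False, "stale"
    return True, "ok"

# Constructed sample data: anchor "B" is deprecated in the newer list.
T0 = 1_500_000_000
OLD = sign({"seq": 1, "issued": T0, "anchors": ["A", "B"]})
NEW = sign({"seq": 2, "issued": T0 + 30 * DAY, "anchors": ["A"]})
NOW = T0 + 31 * DAY

if __name__ == "__main__":
    print("old copy, signature only:", signature_ok(OLD))
    print("old copy, new client:    ", accept(OLD, NOW, 0))
    print("old copy, updated client:", accept(OLD, NOW, 2))
    print("new copy:                ", accept(NEW, NOW, 1))
```

The signature check passes for both copies; only the age and sequence checks tell them apart.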