eTag is a partial step in this direction. But not very far. There's no defined
way for the client to independently verify it, and it isn't necessarily
identical across different lossless compressions of the object. A tighter
specification could add end-to-end authentication of an object while retaining
the existing functions of eTag.
The most oft-used convention is a separate checksum file. Less often, the
checksum file is signed.
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
