Sorry for the delayed reply - I agree with Frederick's comments and would like to go further and suggest we add a note on how "implementations could be smart". Might be worth doing from a security point as well as there could be ways of being smart that aren't so smart if you get what I mean...
Thanks, Mark

>-----Original Message-----
>From: Frederick Hirsch [mailto:[email protected]]
>Sent: 27 February 2009 13:19
>To: [email protected]
>Cc: Frederick Hirsch; [email protected] WG; Priestley, Mark, VF-Group
>Subject: Re: [widgets] Digsig optimization
>
>Marcos
>
>Yes, logically there would be two self-contained signatures with references to every file in the package.
>
>Again, Policy indicates which signatures must be verified. What does the packaging spec currently say? To date it has been one distributor spec that must be verified. We should be clearer on this - I think this goes with the changes we make regarding filename sorting and processing.
>
>However, if both are to be verified, and if the algorithms are the same (which is currently the case given one hash algorithm in widget signatures), an implementation could be smart and calculate the reference hashes once, eliminating that overhead if it were a concern.
>
>regards, Frederick
>
>Frederick Hirsch
>Nokia
>
>
>On Feb 27, 2009, at 6:48 AM, ext Marcos Caceres wrote:
>
>> Hi Frederick, Mark,
>> I have a concern wrt the author signature. It seems that both the author signature and the distributor signature need to sign every file in the package. Does this mean that, to verify a package, you would need to effectively verify everything in the package twice? Or is verification of the author signature optional?
>>
>> Kind regards,
>> Marcos
>>
>>
>> --
>> Marcos Caceres
>> http://datadriven.com.au
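The reference-hash sharing Frederick describes, together with the point Mark raises about smart implementations, as an added example that is not code from the thread or from the widgets specifications: two signatures (author and distributor) each reference every file, and a digest cache keyed by (path, algorithm) and filled only from the package bytes hashes each file once per algorithm while every signature's claimed digest is still compared. The package contents, the reference tuple shape and the function names are constructed assumptions.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample package: entry path -> bytes (stands in for the zip entries).
PACKAGE: Dict[str, bytes] = {
    "config.xml": b"<widget xmlns='http://www.w3.org/ns/widgets'/>",
    "index.html": b"<html><body>hello</body></html>",
    "icon.png": b"\x89PNG\r\n\x1a\n constructed bytes",
}

# A signature is modelled as its list of references: (path, digest algorithm,
# digest the signer claims). This is the part of each <Reference> that drives
# the per-file hashing cost discussed in the thread (assumed shape, not the spec's).
Reference = Tuple[str, str, str]

def sign_package(package: Dict[str, bytes], algo: str) -> List[Reference]:
    """Emit one reference per file, sorted by path, the way a signer would."""
    return [(path, algo, hashlib.new(algo, data).hexdigest())
            for path, data in sorted(package.items())]

def verify_all(package: Dict[str, bytes], signatures: List[List[Reference]]):
    """Verify every reference of every signature against the package contents.

    The digest cache is keyed by (path, algorithm) and filled only from the
    actual bytes, never from what a signature claims, so each file is hashed
    once per algorithm while every signature's claimed digest is still compared.
    Returns (all_ok, hash_computations, failures)."""
    cache: Dict[Tuple[str, str], str] = {}
    failures: List[Tuple[int, str, str]] = []
    for sig_index, refs in enumerate(signatures):
        # Each signature must cover every file in the package.
        for path in sorted(set(package) - {p for p, _, _ in refs}):
            failures.append((sig_index, path, "not referenced"))
        for path, algo, claimed in refs:
            if path not in package:
                failures.append((sig_index, path, "referenced file missing"))
                continue
            key = (path, algo)
            if key not in cache:
                cache[key] = hashlib.new(algo, package[path]).hexdigest()
            if cache[key] != claimed:
                failures.append((sig_index, path, "digest mismatch"))
    return (not failures, len(cache), failures)

if __name__ == "__main__":
    author = sign_package(PACKAGE, "sha256")
    distributor = sign_package(PACKAGE, "sha256")
    print(verify_all(PACKAGE, [author, distributor])[:2])   # (True, 3)
    tampered = dict(PACKAGE, **{"index.html": b"<html>changed</html>"})
    print(verify_all(tampered, [author, distributor])[:2])  # (False, 3)
```

When the two signatures use different digest algorithms the cache cannot be shared and the hash count doubles, which is exactly the condition Frederick attaches to the optimisation.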
